Creating a VM and an instance group from a Container Optimized Image using Terraform
To use Terraform to create configurations and run a VM or an instance group from a Container Optimized Image, follow these steps.
Before you start
If you don't have Terraform, install it and configure the Yandex.Cloud provider. This use case uses a configuration file named example.tf located in the ~/yandex-cloud-terraform directory.
Creating and running a VM from a Container Optimized Image
Create VM configuration files
- Use a Container Optimized Image from the Yandex.Cloud image family. To do this, add the following lines to the example.tf configuration file:
      data "yandex_compute_image" "container-optimized-image" {
        family = "container-optimized-image"
      }
- Describe the VM by adding the following lines to the example.tf configuration file:
      resource "yandex_compute_instance" "instance-based-on-coi" {
        boot_disk {
          initialize_params {
            image_id = data.yandex_compute_image.container-optimized-image.id
          }
        }
        network_interface {
          subnet_id = "<subnet ID>"
          nat       = true
        }
        resources {
          cores  = 2
          memory = 2
        }
        metadata = {
          docker-container-declaration = file("${path.module}/declaration.yaml")
          user-data                    = file("${path.module}/cloud_config.yaml")
        }
      }
  Where:
      subnet_id: ID of the subnet.
- Create a cloud specification file named cloud_config.yaml in the ~/yandex-cloud-terraform directory. Describe the specification:
      #cloud-config
      ssh_pwauth: no
      users:
        - name: yc-user
          sudo: ALL=(ALL) NOPASSWD:ALL
          shell: /bin/bash
          ssh_authorized_keys:
            - "<public SSH key>"
  Where:
      ssh_authorized_keys is the public SSH key.
- Create a Container Optimized Image specification file named declaration.yaml in the ~/yandex-cloud-terraform directory. Describe the specification:
      spec:
        containers:
        - image: cr.yandex/yc/demo/coi:v1
          securityContext:
            privileged: false
          stdin: false
          tty: false
- Create a file named output.tf in the ~/yandex-cloud-terraform directory to output the VM's public IP address:
      output "external_ip" {
        value = yandex_compute_instance.instance-based-on-coi.network_interface.0.nat_ip_address
      }
Create a VM from a Container Optimized Image
Run the VM with a Container Optimized Image using the Terraform configuration.
- Make sure that the configuration files are correct.
  - In the command line, go to the ~/yandex-cloud-terraform directory with the configuration files:
        cd /Users/<username>/yandex-cloud-terraform
  - Run the check using the command:
        terraform plan
    Command execution result:
        Refreshing Terraform state in-memory prior to plan...
        The refreshed state will be used to calculate this plan, but will not be
        persisted to local or remote state storage.
        ...
        Note: You didn't specify an "-out" parameter to save this plan, so Terraform
        can't guarantee that exactly these actions will be performed if
        "terraform apply" is subsequently run.
- Deploy your resources in Yandex.Cloud.
  - Run the command:
        terraform apply
    Command execution result:
        data.yandex_compute_image.container-optimized-image: Refreshing state...
        An execution plan has been generated and is shown below.
        Resource actions are indicated with the following symbols:
        ...
        Terraform will perform the actions described above.
        Only 'yes' will be accepted to approve.
        Enter a value:
  - Confirm that you want to create the resources. To do this, type yes:
        Enter a value: yes
    Command execution result:
        yandex_compute_instance.instance-based-on-coi: Creating...
        yandex_compute_instance.instance-based-on-coi: Still creating... [10s elapsed]
        yandex_compute_instance.instance-based-on-coi: Still creating... [20s elapsed]
        ...
        Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
        Outputs:
        external_ip = <public IP address>
    The necessary resources are created in the folder. When the VM is created, it is assigned a public IP address and hostname (FQDN).
- Check the resources and their settings in the management console.
- Connect to the VM with the Container Optimized Image.
  - Run the command:
        ssh yc-user@<public IP address>
    Command execution result:
        The authenticity of host '<public IP address> (<public IP address>)' can't be established.
        ECDSA key fingerprint is SHA256:JPq...
        Are you sure you want to continue connecting (yes/no/[fingerprint])?
  - Confirm connecting to the VM. To do this, type yes:
        Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Command execution result:
        Warning: Permanently added '<public IP address>' (ECDSA) to the list of known hosts.
        Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-52-generic x86_64)
         * Documentation: https://help.ubuntu.com
        ...
        Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
        applicable law.
- Make an HTTP request to the VM:
      curl <public IP address>
  Command execution result:
      <!DOCTYPE html>
      <html lang="en">
      <head>
        <meta http-equiv="refresh" content="3">
        <title>Yandex.Scale</title>
      </head>
      <body>
        <h1>Hello v1</h1>
      </body>
      </html>
Creating and running an instance group with a Container Optimized Image
Create instance group configuration files
- Save a configuration file named example.tf to the ~/yandex-cloud-terraform directory:
      provider "yandex" {
        token     = "<OAuth token>"
        cloud_id  = "<cloud ID>"
        folder_id = "<folder ID>"
        zone      = "ru-central1-a"
      }

      data "yandex_compute_image" "container-optimized-image" {
        family = "container-optimized-image"
      }

      resource "yandex_compute_instance_group" "ig-with-coi" {
        name               = "ig-with-coi"
        folder_id          = "<folder ID>"
        service_account_id = "<service account ID>"
        instance_template {
          platform_id = "standard-v1"
          resources {
            memory = 2
            cores  = 2
          }
          boot_disk {
            mode = "READ_WRITE"
            initialize_params {
              image_id = data.yandex_compute_image.container-optimized-image.id
            }
          }
          network_interface {
            network_id = "<network ID>"
            subnet_ids = ["<subnet IDs>"]
            nat        = true
          }
          metadata = {
            docker-container-declaration = file("${path.module}/declaration.yaml")
            user-data                    = file("${path.module}/cloud_config.yaml")
          }
          service_account_id = "<service account ID>"
        }
        scale_policy {
          fixed_scale {
            size = 2
          }
        }
        allocation_policy {
          zones = ["<availability zones>"]
        }
        deploy_policy {
          max_unavailable = 2
          max_creating    = 2
          max_expansion   = 2
          max_deleting    = 2
        }
      }
  Where:
      token: OAuth token to access Yandex.Cloud.
      name: Name of the instance group.
      folder_id: ID of the folder.
      instance_template.network_interface.network_id: ID of the network.
      instance_template.network_interface.subnet_ids: List of subnet IDs.
      instance_template.service_account_id: ID of the service account authorized for this instance group.
      allocation_policy.zones: List of availability zones.
- Use the cloud_config.yaml and declaration.yaml files from the Create VM configuration files section.
- Create a file named output.tf in the ~/yandex-cloud-terraform directory to output the public IPs of each VM instance in the group:
      output "external_ip" {
        value = [yandex_compute_instance_group.ig-with-coi.instances[*].network_interface[0].nat_ip_address]
      }
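The files in ~/yandex-cloud-terraform from both sections (declaration.yaml, cloud_config.yaml and the provider block in example.tf) can be linted before terraform plan for the settings that most affect exposure of these publicly addressed VMs. The script below is an added example, not part of the original documentation; the function names lint_coi_dir and write_weak_sample are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Pre-apply lint for the tutorial's files. Prints one line per finding and
# returns 1 if there are any. Function names are hypothetical.
lint_coi_dir() {
  dir=$1; n=0
  flag() { echo "FINDING: $1"; n=$((n + 1)); }

  # The container must not run privileged (the tutorial sets false).
  if grep -Eq '^[[:space:]]*privileged:[[:space:]]*true' "$dir/declaration.yaml"; then
    flag "declaration.yaml: privileged container"
  fi
  # Every image needs a digest or an explicit tag other than latest.
  for img in $(sed -nE 's/^[[:space:]-]*image:[[:space:]]*//p' "$dir/declaration.yaml"); do
    case "${img##*/}" in
      *@sha256:*) ;;                                   # pinned by digest
      *:latest)   flag "declaration.yaml: unpinned image $img" ;;
      *:?*)       ;;                                   # explicit tag, e.g. :v1
      *)          flag "declaration.yaml: unpinned image $img" ;;
    esac
  done
  # cloud-config must keep SSH password logins off.
  if ! grep -Eq '^ssh_pwauth:[[:space:]]*(no|false)[[:space:]]*$' "$dir/cloud_config.yaml"; then
    flag "cloud_config.yaml: SSH password authentication not disabled"
  fi
  # A filled-in token = "..." literal puts the OAuth token in the repo.
  for tf in "$dir"/*.tf; do
    [ -f "$tf" ] || continue
    if grep -Eq '^[[:space:]]*token[[:space:]]*=[[:space:]]*"[^"<$]' "$tf"; then
      flag "${tf##*/}: literal token in provider block"
    fi
  done
  [ "$n" -eq 0 ]
}

# Constructed sample: a deliberately weakened copy of the tutorial's files.
write_weak_sample() {
  mkdir -p "$1"
  printf 'spec:\n  containers:\n  - image: cr.yandex/yc/demo/coi\n    securityContext:\n      privileged: true\n' > "$1/declaration.yaml"
  printf '#cloud-config\nssh_pwauth: yes\n' > "$1/cloud_config.yaml"
  printf 'provider "yandex" {\n  token = "constructed-not-a-real-token"\n}\n' > "$1/example.tf"
}

demo=$(mktemp -d)
write_weak_sample "$demo"
lint_coi_dir "$demo" || echo "fix the findings before running terraform plan"
rm -rf "$demo"
```

The unfilled "<OAuth token>" placeholder and references such as var.yc_token (a hypothetical variable name) are not flagged; only a quoted literal value is.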
Create an instance group from a Container Optimized Image
Run the instance group with a Container Optimized Image using the Terraform configuration.
- Make sure that the configuration files are correct.
  - In the command line, go to the ~/yandex-cloud-terraform directory with the configuration files:
        cd /Users/<username>/yandex-cloud-terraform
  - Run the check using the command:
        terraform plan
    Command execution result:
        Refreshing Terraform state in-memory prior to plan...
        The refreshed state will be used to calculate this plan, but will not be
        persisted to local or remote state storage.
        ...
        Note: You didn't specify an "-out" parameter to save this plan, so Terraform
        can't guarantee that exactly these actions will be performed if
        "terraform apply" is subsequently run.
- Deploy your resources in Yandex.Cloud.
  - Run the command:
        terraform apply
    Command execution result:
        data.yandex_compute_image.container-optimized-image: Refreshing state...
        An execution plan has been generated and is shown below.
        Resource actions are indicated with the following symbols:
        ...
        Terraform will perform the actions described above.
        Only 'yes' will be accepted to approve.
        Enter a value:
  - Confirm that you want to create the resources. To do this, type yes:
        Enter a value: yes
    Command execution result:
        yandex_compute_instance_group.ig-with-coi: Creating...
        yandex_compute_instance_group.ig-with-coi: Still creating... [10s elapsed]
        yandex_compute_instance_group.ig-with-coi: Still creating... [20s elapsed]
        ...
        external_ip = [
          [
            "<public IP address of VM1>",
            "<public IP address of VM2>",
          ],
        ]
    The necessary resources are created in the folder. When each VM is created, it is assigned a public IP address and hostname (FQDN).
- Check the resources and their settings in the management console.
- Connect to one of the VMs with the Container Optimized Image.
  - Run the command:
        ssh yc-user@<public IP address of VM1>
    Command execution result:
        The authenticity of host '<public IP address of VM1> (<public IP address of VM1>)' can't be established.
        ECDSA key fingerprint is SHA256:JPq....
        Are you sure you want to continue connecting (yes/no/[fingerprint])?
  - Confirm connecting to the VM. To do this, type yes:
        Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Command execution result:
        Warning: Permanently added '<public IP address of VM1>' (ECDSA) to the list of known hosts.
        Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-52-generic x86_64)
         * Documentation: https://help.ubuntu.com
        ...
        Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
        applicable law.
- Make an HTTP request to one of the VM instances in the group:
      curl <public IP address of VM1>
  Command execution result:
      <!DOCTYPE html>
      <html lang="en">
      <head>
        <meta http-equiv="refresh" content="3">
        <title>Yandex.Scale</title>
      </head>
      <body>
        <h1>Hello v1</h1>
      </body>
      </html>