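kubernetes - How to limit disk usage on a kubernetes cluster using terraform

Tags: kubernetes google-cloud-platform terraform

Background

I have been experimenting with the GCP free plan. I am trying to learn how to apply gitops together with IaC. To do so, I tried to use terraform to create the infrastructure for a kubernetes cluster, using google as the cloud provider.

I managed to configure GitHub Actions to apply the changes on push. However, I get the following error: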

│ Error: googleapi: Error 403: Insufficient regional quota to satisfy request: resource "SSD_TOTAL_GB": request requires '300.0' and is short '50.0'. project has a quota of '250.0' with '250.0' available. View and manage quotas at https://console.cloud.google.com/iam-admin/quotas?usage=USED&project=swift-casing-370717., forbidden
│ 
│   with google_container_cluster.primary,
│   on main.tf line 26, in resource "google_container_cluster" "primary":
│   26: resource "google_container_cluster" "primary" ***

Configuration

The terraform configuration file mentioned above is as follows:

# https://registry.terraform.io/providers/hashicorp/google/latest/docs
provider "google" {
  project = "redacted"
  region  = "europe-west9"
}

# https://www.terraform.io/language/settings/backends/gcs
terraform {
  backend "gcs" {
    bucket = "redacted"
    prefix = "terraform/state"
  }
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0"
    }
  }
}

resource "google_service_account" "default" {
  account_id   = "service-account-id"
  display_name = "We still use master"
}

resource "google_container_cluster" "primary" {
  name     = "k8s-cluster"
  location = "europe-west9"

  # We can't create a cluster with no node pool defined, but we want to only use
  # separately managed node pools. So we create the smallest possible default
  # node pool and immediately delete it.
  remove_default_node_pool = true
  initial_node_count       = 1
}

resource "google_container_node_pool" "primary_preemptible_nodes" {
  name       = "k8s-node-pool"
  location   = "europe-west9"
  cluster    = google_container_cluster.primary.name
  node_count = 1

  node_config {
    preemptible  = true
    machine_type = "e2-small"

    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    service_account = google_service_account.default.email
    oauth_scopes = [
      "https://www.googleapis.com/auth/cloud-platform"
    ]
  }
}

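Question

It seems I need to limit the resources so that they use at most 250 GB. How can I do that?

What I have tried

Reducing the node_pool size.

According to the documentation the default size is 100GB, so I changed it to 50 as follows: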

resource "google_container_node_pool" "primary_preemptible_nodes" {
  name       = "k8s-node-pool"
  location   = "europe-west9"
  cluster    = google_container_cluster.primary.name
  node_count = 1

  node_config {
    preemptible  = true
    machine_type = "e2-small"
    disk_size_gb = 50

    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    service_account = google_service_account.default.email
    oauth_scopes = [
      "https://www.googleapis.com/auth/cloud-platform"
    ]
  }
}

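Despite reducing the size, the error message did not change at all.

Best answer

The google_container_cluster resource also lets you specify the disk usage. Update the configuration as follows: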

resource "google_container_cluster" "primary" {
  name     = "k8s-cluster"
  location = "europe-west9"

  # We can't create a cluster with no node pool defined, but we want to only use
  # separately managed node pools. So we create the smallest possible default
  # node pool and immediately delete it.
  remove_default_node_pool = true
  initial_node_count       = 1

  node_config {
    disk_size_gb = 50
  }

}

Regarding kubernetes - How to limit disk usage on a kubernetes cluster using terraform, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/74747933/
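Why the node pool change had no effect, shown as an added example (not code from the question or the answer): a pre-apply check over the plan JSON from `terraform show -json` that computes the boot disk each resource requests on its own. It assumes a regional location runs nodes in three zones and the 100 GB default cited in the question, which matches the 300 GB in the error; the helper names and plan fragments are constructed for illustration.

```python
import re

DEFAULT_DISK_GB = 100  # default boot disk size, as cited in the question
ZONES_PER_REGION = 3   # assumption: a regional location runs nodes in three zones

# Attribute holding the per-zone node count for each resource type.
COUNT_ATTR = {
    "google_container_cluster": "initial_node_count",
    "google_container_node_pool": "node_count",
}

def is_zonal(location):
    """A zone looks like 'europe-west9-a', a region like 'europe-west9'."""
    return re.fullmatch(r"[a-z]+-[a-z]+\d+-[a-z]", location or "") is not None

def disk_demand_gb(plan):
    """Map each cluster / node pool address to the boot disk GB it requests."""
    demand = {}
    for rc in plan.get("resource_changes", []):
        attr = COUNT_ATTR.get(rc.get("type"))
        after = (rc.get("change") or {}).get("after")
        if attr is None or after is None:  # unrelated resource, or a destroy
            continue
        # Nested blocks are lists in plan JSON; an unset block is empty or null.
        node_config = (after.get("node_config") or [{}])[0]
        disk = node_config.get("disk_size_gb") or DEFAULT_DISK_GB
        zones = 1 if is_zonal(after.get("location")) else ZONES_PER_REGION
        demand[rc["address"]] = disk * (after.get(attr) or 0) * zones
    return demand

def over_quota(plan, quota_gb):
    """Addresses whose own disk request exceeds the regional quota."""
    return sorted(a for a, gb in disk_demand_gb(plan).items() if gb > quota_gb)

def _change(rtype, name, after):
    """Build one constructed resource_changes entry."""
    return {"address": f"{rtype}.{name}", "type": rtype, "change": {"after": after}}

# Constructed plan fragments mirroring the question's second attempt and the answer.
POOL = _change("google_container_node_pool", "primary_preemptible_nodes",
               {"location": "europe-west9", "node_count": 1,
                "node_config": [{"disk_size_gb": 50}]})
QUESTION_PLAN = {"resource_changes": [POOL, _change(
    "google_container_cluster", "primary",
    {"location": "europe-west9", "initial_node_count": 1, "node_config": []})]}
ANSWER_PLAN = {"resource_changes": [POOL, _change(
    "google_container_cluster", "primary",
    {"location": "europe-west9", "initial_node_count": 1,
     "node_config": [{"disk_size_gb": 50}]})]}
```

With the 250 GB quota from the error message, only `google_container_cluster.primary` is flagged for the question's configuration, and nothing is flagged once the cluster's own `node_config` sets `disk_size_gb = 50`.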
