Creating a VM and an instance group from a Container Optimized Image using Terraform
To use Terraform to create configurations and run a VM or an instance group from a Container Optimized Image, follow the steps below.
Getting started
If you do not have Terraform yet, install it and configure the Yandex Cloud provider.
In this tutorial, we use a configuration file named example.tf and located in the ~/cloud-terraform directory.
Creating and running a VM with a COI (Container Optimized Image) image
Create VM configuration files
-
Use a Container Optimized Image from the Yandex Cloud image family. To do this, add these lines to the
example.tfconfiguration file:data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } -
Describe the VM by adding these lines to the
example.tfconfiguration file:resource "yandex_compute_instance" "instance-based-on-coi" { boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id } } network_interface { subnet_id = "<subnet_ID>" nat = true } resources { cores = 2 memory = 2 } metadata = { docker-container-declaration = file("${path.module}/declaration.yaml") user-data = file("${path.module}/cloud_config.yaml") } }Where
subnet_idis the ID of the subnet.If you use the Docker Compose specification, replace the
docker-container-declarationkey with thedocker-composekey inmetadata:metadata = { docker-compose = file("${path.module}/docker-compose.yaml") user-data = file("${path.module}/cloud_config.yaml") } -
Create a cloud specification file named
cloud_config.yamlin the~/cloud-terraformdirectory. Describe the specification:#cloud-config ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash ssh_authorized_keys: - "<public_SSH_key>"Where
ssh_authorized_keysis the public SSH key value. -
Create a Container Optimized Image specification file named
declaration.yamlin the~/cloud-terraformdirectory. Describe the specification:spec: containers: - image: cr.yandex/yc/demo/coi:v1 securityContext: privileged: false stdin: false tty: false -
Create a file named
output.tfin the~/cloud-terraformdirectory to output the VM public IP address:output "external_ip" { value = yandex_compute_instance.instance-based-on-coi.network_interface.0.nat_ip_address }
Create a VM from a Container Optimized Image
Run the Container Optimized Image VM using the Terraform configuration.
-
Make sure the configuration files are correct.
-
In the command line, go to the
~/cloud-terraformdirectory containing the configuration files:cd /Users/<username>/cloud-terraform -
Run a check using this command:
terraform planResult:
Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ... Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.
-
-
Deploy your resources in Yandex Cloud.
-
Run this command:
terraform applyResult:
data.yandex_compute_image.container-optimized-image: Refreshing state... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ... Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: -
Confirm creating the resources. To do this, type
yes:Enter a value: yesResult:
yandex_compute_instance.instance-based-on-coi: Creating... yandex_compute_instance.instance-based-on-coi: Still creating... [10s elapsed] yandex_compute_instance.instance-based-on-coi: Still creating... [20s elapsed] ... Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Outputs: external_ip = <public_IP_address>This will create the required resources in the folder. The system assigns an IP address and a host name (FQDN) to the newly created VM.
-
-
Check the resources and their settings in the management console.
-
Connect to the Container Optimized Image VM.
-
Run this command:
ssh yc-user@<public_IP_address>Result:
The authenticity of host '<public_IP_address> (<public_IP_address>)' can't be established. ECDSA key fingerprint is SHA256:JPq.... Are you sure you want to continue connecting (yes/no/[fingerprint])? -
Confirm connecting to the VM. To do this, type
yes:Are you sure you want to continue connecting (yes/no/[fingerprint])? yesResult:
Warning: Permanently added '<public_IP_address>' (ECDSA) to the list of known hosts. Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-52-generic x86_64) * Documentation: https://help.ubuntu.com ... Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
-
-
Make an HTTP request to the VM:
curl <public_IP_address>Result:
<!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="refresh" content="3"> <title>Yandex.Scale</title> </head> <body> <h1>Hello v1</h1> </body> </html>
Creating and running a VM with a COI (Container Optimized Image) image
Create the instance group configuration files
-
Save the
example.tfconfiguration file to the~/cloud-terraformdirectory:provider "yandex" { token = "<IAM_token>" cloud_id = "<cloud_ID>" folder_id = "<folder_ID>" zone = "ru-central1-a" } data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } resource "yandex_compute_instance_group" "ig-with-coi" { name = "ig-with-coi" folder_id = "<folder_ID>" service_account_id = "<service_account_ID>" instance_template { platform_id = "standard-v3" resources { memory = 2 cores = 2 } boot_disk { mode = "READ_WRITE" initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id } } network_interface { network_id = "<network_ID>" subnet_ids = ["<subnet_IDs>"] nat = true } metadata = { docker-container-declaration = file("${path.module}/declaration.yaml") user-data = file("${path.module}/cloud_config.yaml") } } scale_policy { fixed_scale { size = 2 } } allocation_policy { zones = ["<availability_zones>"] } deploy_policy { max_unavailable = 2 max_creating = 2 max_expansion = 2 max_deleting = 2 } }Where:
token: IAM token for access to Yandex Cloud.name: Instance group name.folder_id: Folder ID.instance_template.network_interface.network_id: Network ID.instance_template.network_interface.subnet_ids: List of subnet IDs.instance_template.service_account_id: ID of the service account authorized for this instance group.allocation_policy.zones: Availability zones list.
-
Use the
cloud_config.yamlanddeclaration.yamlfiles from the Create VM configuration files section. -
Create a file named
output.tfin the~/cloud-terraformdirectory to output the public IPs of each VM in the instance group:output "external_ip" { value = [yandex_compute_instance_group.ig-with-coi.instances[*].network_interface[0].nat_ip_address] }
Create an instance group from a Container Optimized Image
Run the Container Optimized Image instance group using the Terraform configuration.
-
Make sure the configuration files are correct.
-
In the command line, go to the
~/cloud-terraformdirectory containing the configuration files:cd /Users/<username>/cloud-terraform -
Run a check using this command:
terraform planResult:
Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. ... Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.
-
-
Deploy your resources in Yandex Cloud.
-
Run this command:
terraform applyResult:
data.yandex_compute_image.container-optimized-image: Refreshing state... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ... Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: -
Confirm creating the resources. To do this, type
yes:Enter a value: yesResult:
yandex_compute_instance_group.ig-with-coi: Creating... yandex_compute_instance_group.ig-with-coi: Still creating... [10s elapsed] yandex_compute_instance_group.ig-with-coi: Still creating... [20s elapsed] ... external_ip = [ [ "<VM_1_public_IP_address>", "<VM_2_public_IP_address>", ], ]This will create the required resources in the folder. The system assigns a public IP address and a host name (FQDN) to each newly created VM.
-
-
Check the resources and their settings in the management console.
-
Connect to one of the Container Optimized Image VMs.
-
Run this command:
ssh yc-user@<VM_1_public_IP_address>Result:
The authenticity of host '<VM_1_public_IP_address> (<VM_1_public_IP_address>)' can't be established. ECDSA key fingerprint is SHA256:JPq.... Are you sure you want to continue connecting (yes/no/[fingerprint])? -
Confirm connecting to the VM. To do this, type
yes:Are you sure you want to continue connecting (yes/no/[fingerprint])? yesResult:
Warning: Permanently added '<VM_1_public_IP_address>' (ECDSA) to the list of known hosts. Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-52-generic x86_64) * Documentation: https://help.ubuntu.com ... Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.
-
-
Make an HTTP request to one of the VMs in the instance group:
curl <VM_1_public_IP_address>Result:
<!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="refresh" content="3"> <title>Yandex.Scale</title> </head> <body> <h1>Hello v1</h1> </body> </html>