Initial commit: Terraform configurations for multiple cloud providers

2026-02-01 06:36:02 +00:00
commit 70f160b396
58 changed files with 1813 additions and 0 deletions
--- a/volcengine/.gitignore
+++ b/volcengine/.gitignore
@@ -0,0 +1,29 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+*.tfvars
+*.tfvars.json
+*.tmp
+
+# Terraform directories
+.terraform/
+.terraform.lock.hcl
+
+# Terragrunt files
+.terragrunt-cache/
+
+# Other common files
+crash.log
+crash.*.log
+*.pid
+*.backup
+
+# Sensitive files
+*.key
+*.pem
+*.crt
+*.cert
+
+# Local environment files
+.env
+.local
--- a/volcengine/CROSS_ARCHITECTURE.md
+++ b/volcengine/CROSS_ARCHITECTURE.md
@@ -0,0 +1,95 @@
+# 跨架构运行说明
+
+## 支持的架构
+
+此 Terraform 配置支持以下架构：
+- Linux AMD64 (x86_64)
+- Linux ARM64
+- macOS AMD64
+- macOS ARM64 (Apple Silicon)
+
+## 本地部署（当前配置）
+
+当前配置使用本地预下载的 provider，仅支持 Linux AMD64 架构。如需在其他架构上运行，请按以下步骤操作：
+
+### 1. 删除本地 provider 配置
+
+```bash
+# 进入相应目录
+cd /path/to/volcengine/personal
+# 或
+cd /path/to/volcengine/company
+
+# 删除本地 provider 配置
+rm -rf .terraform .terraformrc
+```
+
+### 2. 下载对应架构的 provider
+
+根据不同架构下载对应的 provider：
+
+- AMD64: `terraform-provider-volcengine_v0.0.186_linux_amd64.zip`
+- ARM64: `terraform-provider-volcengine_v0.0.186_linux_arm64.zip`
+
+### 3. 配置 provider 路径
+
+创建相应的目录结构并放置 provider 文件：
+
+```bash
+mkdir -p ~/.terraform.d/plugins/registry.terraform.io/volcengine/volcengine/0.0.186/<OS>_<ARCH>/
+```
+
+### 4. 使用网络下载（推荐）
+
+最简单的方式是允许 Terraform 自动下载适合当前架构的 provider：
+
+```bash
+# 删除本地配置
+rm .terraformrc
+
+# 运行初始化
+terraform init
+```
+
+Terraform 会自动下载适合当前架构的 provider。
+
+## GitHub Actions 部署示例
+
+```yaml
+name: Deploy to VolcEngine
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest  # 或 ubuntu-22.04-arm
+    
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+        
+    steps:
+    - uses: actions/checkout@v3
+    
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+      with:
+        terraform_version: 1.5.0
+        
+    - name: Initialize Terraform
+      run: terraform init
+      
+    - name: Plan
+      run: terraform plan
+      
+    - name: Apply
+      run: terraform apply -auto-approve
+```
+
+## 注意事项
+
+1. **认证信息** - 确保在不同环境中正确配置了访问密钥
+2. **网络连接** - 确保可以访问火山引擎 API
+3. **权限** - 确保有足够的权限创建所需的资源
+4. **配额** - 检查目标区域的资源配额
--- a/volcengine/GIT_EXCLUDES.md
+++ b/volcengine/GIT_EXCLUDES.md
@@ -0,0 +1,89 @@
+# Terraform 代码仓库最佳实践
+
+## 应该提交到仓库的文件
+
+1. **配置文件**:
+   - `main.tf` - 主配置文件
+   - `variables.tf` - 变量定义
+   - `outputs.tf` - 输出定义
+   - `providers.tf` - Provider 配置
+   - `versions.tf` - 版本约束
+
+2. **文档文件**:
+   - `README.md` - 项目说明
+   - `CHANGELOG.md` - 变更日志
+   - `LICENSE` - 许可证
+
+3. **配置文件**:
+   - `.gitignore` - Git 忽略规则
+   - `terraform.tfvars.example` - 变量示例文件
+
+## 不应该提交到仓库的文件
+
+### 1. 状态文件 (.tfstate)
+- **原因**: 包含敏感信息和当前基础设施状态
+- **风险**: 泄露基础设施详情，可能导致安全问题
+- **位置**: `terraform.tfstate`, `terraform.tfstate.backup`
+
+### 2. 本地配置文件 (terraform.tfvars)
+- **原因**: 包含敏感的访问密钥和配置
+- **替代方案**: 提交 `terraform.tfvars.example` 作为模板
+
+### 3. Provider 目录 (.terraform/)
+- **原因**: 
+  - 包含下载的 provider 二进制文件
+  - 文件体积大，不适合存入 Git
+  - 二进制文件在不同架构上不同
+- **说明**: 每个用户应通过 `terraform init` 下载
+
+### 4. 锁定文件 (.terraform.lock.hcl)
+- **原因**: 包含特定于本地系统的 provider 校验和
+- **例外**: 如果团队使用相同架构，可选择提交
+
+### 5. 临时和日志文件
+- **原因**: 临时文件，不应进入版本控制
+- **包括**: 日志文件、备份文件、临时文件
+
+## 推荐的 .gitignore 模式
+
+```
+# Terraform
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Sensitive files
+terraform.tfvars
+
+# Logs
+*.log
+*.backup
+```
+
+## 安全注意事项
+
+1. **绝不要提交敏感信息**:
+   - 访问密钥 (Access Keys)
+   - 私钥 (Private Keys)
+   - 密码 (Passwords)
+   - 其他认证信息
+
+2. **使用环境变量或外部密钥管理**:
+   - AWS Secrets Manager
+   - HashiCorp Vault
+   - 环境变量
+
+3. **定期审查**:
+   - 检查是否有敏感信息被意外提交
+   - 使用 `git-secrets` 等工具扫描
+
+## 工作流程
+
+1. 开发者克隆仓库
+2. 创建 `terraform.tfvars` 文件 (不提交)
+3. 运行 `terraform init` 下载 providers
+4. 运行 `terraform plan` 和 `terraform apply`
+5. 状态文件仅保存在本地或远程后端
+
+这样可以确保代码库的安全性和可移植性。
--- a/volcengine/README.md
+++ b/volcengine/README.md
@@ -0,0 +1,72 @@
+# 火山引擎 Terraform 配置
+
+此目录包含火山引擎的 Terraform 配置文件，分为个人账号和企业账号两个环境。
+
+## 目录结构
+
+```
+volcengine/
+├── personal/     # 个人账号配置
+│   ├── main.tf
+│   ├── variables.tf
+│   ├── terraform.tfvars
+│   └── README.md
+└── company/      # 企业账号配置
+    ├── main.tf
+    ├── variables.tf
+    ├── terraform.tfvars
+    └── README.md
+```
+
+## 使用说明
+
+### 个人账号
+
+1. 进入个人账号目录：
+```bash
+cd /home/ben/terraform/volcengine/personal
+```
+
+2. 初始化 Terraform：
+```bash
+terraform init
+```
+
+3. 查看计划：
+```bash
+terraform plan
+```
+
+4. 应用配置：
+```bash
+terraform apply
+```
+
+### 企业账号
+
+1. 进入企业账号目录：
+```bash
+cd /home/ben/terraform/volcengine/company
+```
+
+2. 初始化 Terraform：
+```bash
+terraform init
+```
+
+3. 查看计划：
+```bash
+terraform plan
+```
+
+4. 应用配置：
+```bash
+terraform apply
+```
+
+## 注意事项
+
+- 请确保已安装火山引擎的 Terraform Provider
+- 敏感信息已存储在 terraform.tfvars 文件中
+- 在生产环境中使用前请仔细检查所有配置
+- 可以根据需要修改 variables.tf 中的默认值
--- a/volcengine/common/main.tf
+++ b/volcengine/common/main.tf
@@ -0,0 +1,41 @@
+# 火山引擎 Terraform 配置 - 支持多架构
+# 适用于 x86_64 和 ARM64 架构
+
+# 提供商要求
+terraform {
+  required_providers {
+    volcengine = {
+      source  = "volcengine/volcengine"
+      version = "0.0.186"
+    }
+  }
+}
+
+# 提供商配置
+provider "volcengine" {
+  region     = var.region
+  access_key = var.access_key_id
+  secret_key = var.secret_access_key
+}
+
+# 示例资源 - VPC
+resource "volcengine_vpc" "example_vpc" {
+  vpc_name   = var.vpc_name
+  cidr_block = var.cidr_block
+}
+
+# 输出信息
+output "vpc_id" {
+  description = "VPC ID"
+  value       = volcengine_vpc.example_vpc.id
+}
+
+output "vpc_name" {
+  description = "VPC Name"
+  value       = volcengine_vpc.example_vpc.vpc_name
+}
+
+output "region" {
+  description = "Region"
+  value       = var.region
+}
--- a/volcengine/company/.gitignore
+++ b/volcengine/company/.gitignore
@@ -0,0 +1,15 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Sensitive files
+terraform.tfvars
+
+# Local temporary files
+*.tmp
+*.backup
+
+# Terragrunt
+.terragrunt-cache/
--- a/volcengine/company/.terraformrc
+++ b/volcengine/company/.terraformrc
@@ -0,0 +1,9 @@
+provider_installation {
+  filesystem_mirror {
+    path    = "/home/ben/terraform"
+    include = ["volcengine/*"]
+  }
+  direct {
+    exclude = ["volcengine/*"]
+  }
+}
--- a/volcengine/company/config
+++ b/volcengine/company/config
@@ -0,0 +1,5 @@
+# 火山引擎企业账号配置
+[company]
+access_key_id = AKLTZTc2N2VhMDkyMThlNDFlMmIxYjU1ZDBiNmJmNmM4OWM
+secret_access_key = TVRJeU16aGtNekk1TWpjM05ETTRZams1TURnNU1HUTVNMlZtWTJOalltUQ==
+region = cn-beijing
--- a/volcengine/company/main.tf
+++ b/volcengine/company/main.tf
@@ -0,0 +1,32 @@
+# 火山引擎 Terraform 配置 - 企业账号
+
+terraform {
+  required_providers {
+    volcengine = {
+      source  = "volcengine/volcengine"
+      version = "0.0.186"  # 使用最新可用版本
+    }
+  }
+}
+
+# 示例资源 - VPC
+resource "volcengine_vpc" "company_vpc" {
+  vpc_name   = var.vpc_name
+  cidr_block = var.cidr_block
+}
+
+# 输出信息
+output "vpc_id" {
+  description = "Company VPC ID"
+  value       = volcengine_vpc.company_vpc.id
+}
+
+output "vpc_name" {
+  description = "Company VPC Name"
+  value       = volcengine_vpc.company_vpc.vpc_name
+}
+
+output "region" {
+  description = "Region"
+  value       = var.region
+}
--- a/volcengine/company/providers.tf
+++ b/volcengine/company/providers.tf
@@ -0,0 +1,6 @@
+# 配置本地 provider
+provider "volcengine" {
+  region      = var.region
+  access_key  = var.access_key_id
+  secret_key  = var.secret_access_key
+}
--- a/volcengine/company/variables.tf
+++ b/volcengine/company/variables.tf
@@ -0,0 +1,30 @@
+# 火山引擎 Terraform 变量定义
+
+variable "region" {
+  description = "目标区域"
+  type        = string
+  default     = "cn-beijing"
+}
+
+variable "access_key_id" {
+  description = "访问密钥ID"
+  type        = string
+}
+
+variable "secret_access_key" {
+  description = "秘密访问密钥"
+  type        = string
+  sensitive   = true
+}
+
+variable "vpc_name" {
+  description = "VPC名称"
+  type        = string
+  default     = "terraform-vpc"
+}
+
+variable "cidr_block" {
+  description = "VPC CIDR块"
+  type        = string
+  default     = "10.0.0.0/16"
+}
--- a/volcengine/main.tf
+++ b/volcengine/main.tf
@@ -0,0 +1,15 @@
+terraform {
+  required_providers {
+    volcengine = {
+      source = "volcengine/volcengine"
+      version = "0.0.129"
+    }
+  }
+}
+
+provider "volcengine" {
+  # 这里需要配置访问凭证
+  # access_key = "your-access-key"
+  # secret_key = "your-secret-key"
+  # region = "cn-beijing"
+}
--- a/volcengine/personal/.gitignore
+++ b/volcengine/personal/.gitignore
@@ -0,0 +1,15 @@
+# Terraform files
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Sensitive files
+terraform.tfvars
+
+# Local temporary files
+*.tmp
+*.backup
+
+# Terragrunt
+.terragrunt-cache/
--- a/volcengine/personal/.terraformrc
+++ b/volcengine/personal/.terraformrc
@@ -0,0 +1,9 @@
+provider_installation {
+  filesystem_mirror {
+    path    = "/home/ben/terraform"
+    include = ["volcengine/*"]
+  }
+  direct {
+    exclude = ["volcengine/*"]
+  }
+}
--- a/volcengine/personal/config
+++ b/volcengine/personal/config
@@ -0,0 +1,5 @@
+# 火山引擎个人账号配置
+[personal]
+access_key_id = AKLTYWQwMjgyNWM1ZmIzNDk3MTljYzNmNTgyMjQ2NzU2ZGY
+secret_access_key = T0RGak9UY3dZV05qT1RCbU5HVXpabUkwTXpSaVpEQmlNbVF3WWpObU0yTQ==
+region = cn-beijing
--- a/volcengine/personal/main.tf
+++ b/volcengine/personal/main.tf
@@ -0,0 +1,32 @@
+# 火山引擎 Terraform 配置 - 个人账号
+
+terraform {
+  required_providers {
+    volcengine = {
+      source  = "volcengine/volcengine"
+      version = "0.0.186"  # 使用最新可用版本
+    }
+  }
+}
+
+# 示例资源 - VPC
+resource "volcengine_vpc" "personal_vpc" {
+  vpc_name   = var.vpc_name
+  cidr_block = var.cidr_block
+}
+
+# 输出信息
+output "vpc_id" {
+  description = "Personal VPC ID"
+  value       = volcengine_vpc.personal_vpc.id
+}
+
+output "vpc_name" {
+  description = "Personal VPC Name"
+  value       = volcengine_vpc.personal_vpc.vpc_name
+}
+
+output "region" {
+  description = "Region"
+  value       = var.region
+}
--- a/volcengine/personal/providers.tf
+++ b/volcengine/personal/providers.tf
@@ -0,0 +1,6 @@
+# 配置本地 provider
+provider "volcengine" {
+  region      = var.region
+  access_key  = var.access_key_id
+  secret_key  = var.secret_access_key
+}
--- a/volcengine/personal/variables.tf
+++ b/volcengine/personal/variables.tf
@@ -0,0 +1,30 @@
+# 火山引擎 Terraform 变量定义
+
+variable "region" {
+  description = "目标区域"
+  type        = string
+  default     = "cn-beijing"
+}
+
+variable "access_key_id" {
+  description = "访问密钥ID"
+  type        = string
+}
+
+variable "secret_access_key" {
+  description = "秘密访问密钥"
+  type        = string
+  sensitive   = true
+}
+
+variable "vpc_name" {
+  description = "VPC名称"
+  type        = string
+  default     = "terraform-vpc"
+}
+
+variable "cidr_block" {
+  description = "VPC CIDR块"
+  type        = string
+  default     = "172.16.0.0/16"
+}
--- a/volcengine/provider-config.hcl
+++ b/volcengine/provider-config.hcl
@@ -0,0 +1,21 @@
+# 配置多架构支持
+provider_installation {
+  filesystem_mirror {
+    path    = "${getenv("HOME")}/.terraform.d/plugins"
+    include = ["volcengine/*"]
+  }
+  direct {
+    exclude = ["volcengine/*"]
+  }
+}
+
+# 或者允许从网络下载
+provider_installation {
+  network_mirror {
+    url = "https://releases.hashicorp.com"
+    include = ["*/*"]
+  }
+  direct {
+    exclude = []
+  }
+}