Skip to main content
Version: Next

Deploy Cloud Service

Integrating cloud service is the most frequent need in our daily development. Varies from the Object storage、Cloud database to LoadBalancer, cache, or search engine, faster to loading them save more time. Meanwhile, to orchestrate different resources from multi-cloud is quite a pain point.

In this section, we introduce an example of using Alibaba Cloud RDS to show you how to deploy cloud services.

Before starting#

  • Has a cloud vendor account. To keep its permission more secure, we recommend delegating a subaccount of security keys. For example in AliCloud, please head it to Creating RAM.

  • Ensure your account has a sufficient balance

  • Connect to a Kubernetes cluster on this cloud vendor for hosting your cloud services

Enabling cloud vendor Addons#

First, we open up VelaUX Dashboard, switch to the tab Addon, and click up terraform-alibaba:


Notice: KubeVela encrypt all the keys hence no need to worry about its safety


terraform-alibaba addon depends on terraform addon. If the latter isn't enabled, it'll be automatically enabled when the former does. The creating process of cloud services pulls configuration from GitHub. If your control plane cluster that runs KubeVela is very hard to connect to GitHub, please open up the GithubBlocked option in terraform addon.

The terraform-alibaba addon supports the following types of resources and more later on:

  • alibaba-rds
  • alibaba-ack
  • alibaba-ask
  • alibaba-oss
  • alibaba-rds
  • alibaba-redis

Setting up Targets#

The way of deploying cloud services differs from other types of apps, cause its controller only runs in the control plane cluster. Therefore, we need to set the cloud vendor and regional parameters of each target.

Enter the page of Targets, select the cloud service you need. Click Edit to the edit mode or simply create a new one.


The target first mainly describes the Namespace of the Kubernetes cluster and then describes the cloud vendor and region where the cluster is located by setting shared variables.

  • Cloud Service Provider: The cloud service provider is bound to AK/SK. The default name generated by terraform-alibaba is default, so fill in default here.
  • Region: Region, select a region based on this parameter when creating a cloud service. You should fill in the location of the Kubernetes cluster described in the current target so that applications in Kubernetes can directly access the delivered cloud services.

Creating your cloud service#

After finishing setting up the target, let's go to the Applications page and click New Application to create. Similar to other apps, you need to choose the type of your cloud service, such as alibaba-rds; then choose an environment that must have both Cloud Service Provider and Region parameters set up.

Click Next Step to the configuration page. For different vendors, these parameters update accordingly. As for alibaba-rds, it has the following:

  • InstanceName: the name of the instance
  • DatabaseName: the name of the database
  • AccountName: account name by default
  • Password: password by default
  • AllocatePublicConnection: Whether to assign a public network access address
  • DeleteResource: Whether to delete the corresponding cloud service when the app is deleted
  • Privilege: default account permissions


For other cloud resources, you could read the description of each field to get know how to use it.

Set the above parameters according to your needs, click Create to enter the application management page, and click the deploy button to start the deployment of cloud services.

Viewing cloud resource creation status#

Like other apps, cloud service apps also need to switch to the corresponding environment page to view instance information. By default, there are several targets in an environment, and the cloud service will generate a corresponding number of instances.


In the instance list, the instance name, status, resource type, and location are displayed. In the beginning, the name is empty, because the cloud service instance generation takes a certain amount of time, and the name will appear when the instance is generated normally. Click the name to enter the cloud vendor console page corresponding to the resource.


Click the Check the detail button to view the application details. You will find that each instance generates a Secret resource, which generally records the service's access address and key information. Secret resources will be distributed to the cluster and Namespace where the target is located while the control cluster exists. Therefore, other applications in the same environment can directly use the resource in the environment variable to obtain the access address and key.



  • The cloud service instance is in the ProviderNotReady state

First to look at whether the parameters of the target are correctly set according to the documentation guidelines. Then make sure that the AK/SK is correct and the corresponding user has the authority to create the resource.

  • The cloud service is always ProvisioningAndChecking and has no name

The creation of cloud services generally takes a certain amount of time. Please wait or enter the cloud vendor console to view the creation progress.

Last updated on by Wei (段少)