Amazon EKS Windows in GA has bugs, but it is the fastest


Good afternoon. I want to share with you my experience of setting up and using the AWS EKS (Elastic Kubernetes Service) service for Windows containers, or rather the impossibility of using it, and the bug found in the AWS system container. Those who are interested in this service for Windows containers, please see below the cut.

I know that Windows containers are not a popular topic and few people use them, but I still decided to write this article, since there were a couple of articles on Habr about kubernetes and Windows and such people still exist.

The beginning

It all started when it was decided to migrate the services in our company to kubernetes, and those services are 70% Windows and 30% Linux. For this purpose the AWS EKS cloud service was considered as one of the possible options. Until October 8, 2019, AWS EKS Windows was in Public Preview; I started with it. The old kubernetes version 1.11 was used there, but I decided to check it anyway and see at what stage this cloud service was, whether it worked at all. As it turned out, no: there was a bug with adding and removing pods, in which old pods stopped responding via their internal ip from the same subnet as the windows worker node.

Therefore, it was decided to abandon AWS EKS in favour of our own kubernetes cluster on the same EC2, only we would have to describe all the fault tolerance and HA ourselves via CloudFormation.

Amazon EKS Windows Container Support Now Generally Available

by Martin Beeby | on 08 OCT 2019

Before I had time to add the template for my own cluster to CloudFormation, I saw this news: Amazon EKS Windows Container Support Now Generally Available

Of course, I set all my work aside and started studying what they had done for GA and how everything had changed since the Public Preview. Yes, AWS, well done: the images for the windows worker node were updated to version 1.14, as was the cluster itself, and version 1.14 in EKS now supports windows nodes. The Public Preview project on github was closed, and they said to use the official documentation from now on: EKS Windows Support

Integrating the EKS cluster into the existing VPC and subnets

In all the sources, in the announcement linked above and in the documentation, it was suggested to deploy the cluster either via the proprietary eksctl utility or via CloudFormation + kubectl afterwards, using only public subnets in Amazon, and creating a separate VPC for the new cluster.

This option does not suit many people. Firstly, a separate VPC means additional costs: its own price plus peering traffic to the existing VPC. And what should those do who already have a ready infrastructure in AWS with multiple AWS accounts, VPCs, subnets, route tables, a transit gateway and so on? Of course you do not want to break or redo all of that; you need to integrate the new EKS cluster into the existing network infrastructure, using the existing VPC and, for separation, at most creating new subnets for the cluster.

In my case this path was chosen: I used the existing VPC and added only 2 public subnets and 2 private subnets for the new cluster; of course, all the rules were taken into account according to the documentation Create Amazon EKS Cluster VPC.

There was also one condition: no worker nodes in public subnets using EIP.

eksctl vs CloudFormation

I will say right away that I tried both methods of deploying the cluster; in both cases the picture was the same.

I will show an example only with eksctl, since the code here is shorter. With eksctl, deploying the cluster takes 3 steps:

1. We create the cluster itself plus a Linux worker node, which will later host the system containers and that same ill-fated vpc-controller.

eksctl create cluster \
--name yyy \
--region www \
--version 1.14 \
--vpc-private-subnets=subnet-xxxxx,subnet-xxxxx \
--vpc-public-subnets=subnet-xxxxx,subnet-xxxxx \
--asg-access \
--nodegroup-name linux-workers \
--node-type t3.small \
--node-volume-size 20 \
--ssh-public-key wwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami auto \
--node-private-networking

To deploy into an existing VPC, just specify the ids of your subnets, and eksctl will determine the VPC itself.

To make sure that your worker nodes are deployed only into a private subnet, you need to specify --node-private-networking for the nodegroup.

2. We install the vpc-controller into our cluster. It will then process our worker nodes, counting the number of free IP addresses and the number of ENIs on the instance, and adding and removing them.

eksctl utils install-vpc-controllers --name yyy --approve

3. After your system containers, including the vpc-controller, have successfully started on your Linux worker node, all that remains is to create another nodegroup with windows workers.

eksctl create nodegroup \
--region www \
--cluster yyy \
--version 1.14 \
--name windows-workers \
--node-type t3.small \
--ssh-public-key wwwwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami-family WindowsServer2019CoreContainer \
--node-ami ami-0573336fc96252d05 \
--node-private-networking

After that your node successfully joins your cluster and everything seems fine, it is in Ready status, but no.

Error in vpc-controller

If we try to run pods on the windows worker node, we get the error:

NetworkPlugin cni failed to teardown pod "windows-server-iis-7dcfc7c79b-4z4v7_default" network: failed to parse Kubernetes args: pod does not have label vpc.amazonaws.com/PrivateIPv4Address]

If we look deeper, we see that our instance in AWS looks like this:

[screenshot of the instance in the AWS console as it actually was]

And it should look like this:

[screenshot of the instance in the AWS console as it should be]

From this it is clear that for some reason the vpc-controller did not do its part and could not add new IP addresses to the instance for the pods to use.

Let's look at the logs of the vpc-controller pod, and this is what we see:

kubectl logs -n kube-system <vpc-resource-controller pod name>

I1011 06:32:03.910140       1 watcher.go:178] Node watcher processing node ip-10-xxx.ap-xxx.compute.internal.
I1011 06:32:03.910162       1 manager.go:109] Node manager adding node ip-10-xxx.ap-xxx.compute.internal with instanceID i-088xxxxx.
I1011 06:32:03.915238       1 watcher.go:238] Node watcher processing update on node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.200423       1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock  pool on node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxxx
E1011 06:32:08.201211       1 watcher.go:183] Node watcher failed to add node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxx
I1011 06:32:08.201229       1 watcher.go:259] Node watcher adding key ip-10-xxx.ap-xxx.compute.internal (0): failed to find the route table for subnet subnet-0xxxx
I1011 06:32:08.201302       1 manager.go:173] Node manager updating node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.201313       1 watcher.go:242] Node watcher failed to update node ip-10-xxx.ap-xxx.compute.internal: node manager: failed to find node ip-10-xxx.ap-xxx.compute.internal.

Googling led nowhere, since apparently nobody had caught such a bug yet, or had not posted an issue about it, so I first had to think of options myself. The first thing that came to mind was that perhaps the vpc-controller cannot resolve ip-10-xxx.ap-xxx.compute.internal and reach it, and that is why the errors occur.

Yes, indeed, we use custom DNS servers in the VPC and in principle do not use Amazon's, so not even forwarding was configured for this ap-xxx.compute.internal domain. I tested this option and it brought no result; perhaps the test was not clean, and so later, when talking to technical support, I went along with their idea.

Since there were no real ideas: all the security groups were created by eksctl itself, so there was no doubt about their correctness; the route tables were also correct; nat, dns and Internet access from the worker nodes were also there.

Moreover, if you deploy the worker node into a public subnet without --node-private-networking, that node is immediately updated by the vpc-controller and everything works like clockwork.

There were two options:

  1. Leave it and wait until someone describes this bug to AWS and they fix it, and then you can safely use AWS EKS Windows, because it has only just been released in GA (8 days had passed at the time of writing this article); many will probably go down the same path as me.
  2. Write to AWS Support and tell them the essence of the problem with a whole pile of logs from everywhere, and prove to them that their service does not work when using your VPC and subnets; it is not for nothing that we have Business support, you should use it at least once :)

Communicating with AWS engineers

Having created a ticket on the portal, I mistakenly chose to be answered via Web - email or support center. With this option they may answer you only after a few days, despite the fact that my ticket had Severity - System impaired, which means a response within <12 hours, and since the Business support plan has 24/7 support, I hoped for the best, but it turned out as always.

My ticket lay unassigned from Friday until Monday; then I decided to write to them again and chose the Chat response option. After a short wait, Harshad Madhav was assigned to me, and then it began...

We debugged with him online for 3 hours in a row: transferring logs, deploying the same cluster in the AWS lab to emulate the problem, re-creating the cluster on my side, and so on. The only thing we arrived at was that the logs clearly showed that resolution of AWS internal domain names was not working, which I wrote about above, and Harshad Madhav asked me to create forwarding, supposedly because we use custom DNS and this could be the problem.

Forwarding

ap-xxx.compute.internal  -> 10.x.x.2 (VPC CIDRBlock)
amazonaws.com -> 10.x.x.2 (VPC CIDRBlock)

That was done, and the day was over. Harshad Madhav wrote back to check it and that it should work, but no, the resolution did not help at all.

Then there was communication with 2 more engineers. One simply dropped out of the chat, apparently afraid of a complicated case; the second again spent my whole day on a full cycle of debugging, sending logs, creating clusters on both sides, and in the end just said: well, it works for me, here I am doing everything step by step from the official documentation and you will succeed too.

Whom I politely asked to leave and to assign someone else to my ticket if you do not know where to look for the problem.

Final

On the third day I was assigned a new engineer, Arun B., and from the very start of communicating with him it was clear that he was not like the 3 previous engineers. He read the whole history and immediately asked me to collect logs using his own ps1 script, which was on his github. This was again followed by all the iterations of creating clusters, outputting command results and collecting logs, but judging by the questions he asked me, Arun B. was moving in the right direction.

When we got to enabling -stderrthreshold=debug in the vpc-controller, what happened next? Of course it does not work) the pod simply does not start with this option; only -stderrthreshold=info works.

We finished there, and Arun B. said he would try to reproduce my steps to get the same error. The next day I got a reply from Arun B.: he had not abandoned this case, but took the vpc-controller code for review and found the place where the problem is and why it does not work:

[screenshot of the vpc-controller source from the code review]

So, if you use the main route table in your VPC, then by default it has no associations with the necessary subnets, which the vpc-controller depends on; in the case of a public subnet, it has a custom route table which does have an association.

By manually adding associations between the main route table and the required subnets, and re-creating the nodegroup, everything works correctly.
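As an added example (not code from the article, from AWS or from the vpc-controller), the following Python reproduces the lookup behind the log lines above and the manual fix just described: it pulls the subnet ids the controller could not resolve out of the log, checks them against `aws ec2 describe-route-tables` output honouring only explicit associations, and emits the `aws ec2 associate-route-table` commands that attach the missing subnets to the main table. It also serves as a pre-flight check on the private subnets before step 3 of the eksctl procedure; the route-table JSON, the log lines and all ids are constructed samples.

```python
import json
import re

# Constructed `aws ec2 describe-route-tables` output: the main table has no explicit subnet
# associations (AWS default), a custom table holds the public subnets, private ones appear nowhere.
SAMPLE_ROUTE_TABLES = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-0aaa", "Associations": [{"Main": true}]},
 {"RouteTableId": "rtb-0bbb", "Associations": [
   {"Main": false, "SubnetId": "subnet-0b1"}, {"Main": false, "SubnetId": "subnet-0b2"}]}
]}""")

# Constructed vpc-controller log lines modelled on the ones quoted in the article.
SAMPLE_LOG = """\
E1011 06:32:08.200423 1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock  pool on node ip-10-0-1-10.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0a1
I1011 06:32:08.201302 1 manager.go:173] Node manager updating node ip-10-0-1-10.ap-xxx.compute.internal.
E1011 06:32:09.100000 1 watcher.go:183] Node watcher failed to add node ip-10-0-2-10.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0a2
"""

FAILED = re.compile(r"failed to find the route table for subnet (subnet-[0-9a-f]+)")

def failing_subnets(log_text):
    """Subnet ids the controller could not resolve, deduplicated in first-seen order."""
    found = []
    for match in FAILED.finditer(log_text):
        if match.group(1) not in found:
            found.append(match.group(1))
    return found

def explicit_associations(describe_output):
    """subnet id -> route table id over explicit associations only. A subnet that
    merely falls back to the main table is absent here, which is the controller's gap."""
    result = {}
    for table in describe_output["RouteTables"]:
        for assoc in table.get("Associations", []):
            if not assoc.get("Main") and "SubnetId" in assoc:
                result[assoc["SubnetId"]] = table["RouteTableId"]
    return result

def main_route_table(describe_output):
    """Id of the VPC's main route table, the one whose association is flagged Main."""
    for table in describe_output["RouteTables"]:
        if any(assoc.get("Main") for assoc in table.get("Associations", [])):
            return table["RouteTableId"]
    raise ValueError("VPC has no main route table")

def remediation(describe_output, subnet_ids):
    """aws CLI commands adding the missing explicit association to the main table."""
    explicit = explicit_associations(describe_output)
    main = main_route_table(describe_output)
    return [f"aws ec2 associate-route-table --route-table-id {main} --subnet-id {s}"
            for s in subnet_ids if s not in explicit]
```

An empty list from remediation() means every worker subnet already has an explicit association and the controller's lookup will succeed.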

I hope that Arun B. will really report this bug to the EKS developers and we will see a new version of the vpc-controller where everything works out of the box. At the moment the latest version is 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/vpc-resource-controller:0.2.1 and it has this problem.

Thanks to everyone who read to the end; test everything you are going to use in production before rolling it out.

source: www.habr.com
