Amazon EKS Windows is in GA with bugs, but it is the fastest

Good afternoon. I want to share my experience of setting up and using the AWS EKS (Elastic Kubernetes Service) service for Windows containers, or rather of the impossibility of using it, and the bug found in an AWS system container. If you are interested in this service for Windows containers, read on.

I know that Windows containers are not a popular topic and that few people use them, but I decided to write this article anyway, since there have been a couple of articles on Habr about kubernetes and Windows, and such people do exist.

The beginning

It all started when it was decided to migrate the services in our company, which are 70% Windows and 30% Linux, to kubernetes. For this purpose the AWS EKS cloud service was considered as one of the possible options. Until October 8, 2019, AWS EKS Windows was in Public Preview. I started with it; the old kubernetes version 1.11 was used there, but I decided to check it anyway and see what state this cloud service was in and whether it worked at all. As it turned out, it did not: there was a bug when pods were added and removed, in which the old pods stopped responding via internal IP from the same subnet as the Windows worker node.

Therefore it was decided to abandon AWS EKS in favor of our own kubernetes cluster on the same EC2, where we would have to describe all the balancing and HA ourselves in CloudFormation.

Amazon EKS Windows Container Support now Generally Available

by Martin Beeby | on 08 October 2019

Before I had time to add a template to CloudFormation for my own cluster, I saw this news: Amazon EKS Windows Container Support now Generally Available

Of course, I put all my work aside and began to study what they had done for GA and how everything had changed since the Public Preview. Yes, AWS did well: they updated the images for the Windows worker node to version 1.14, and the cluster itself, version 1.14 in EKS, now supports Windows nodes. They closed the Public Preview project on GitHub and said to use the official documentation from now on: EKS Windows Support

Integrating an EKS cluster into the current VPC and subnets

In all sources, both the announcement linked above and the documentation, it was proposed to deploy the cluster either through the proprietary eksctl utility or through CloudFormation followed by kubectl, using only public subnets in Amazon and creating a separate VPC for the new cluster.

This option does not suit many people. First, a separate VPC means additional costs for the VPC itself plus peering traffic to your current VPC. What should those do who already have a ready-made infrastructure in AWS with their own multiple AWS accounts, VPC, subnets, route tables, transit gateway and so on? Of course, you do not want to break or redo all of this, and you need to integrate the new EKS cluster into the current network infrastructure, using the existing VPC and, for separation, at most creating new subnets for the cluster.

In my case this path was chosen: I used the existing VPC and added only 2 public subnets and 2 private subnets for the new cluster. Of course, all the rules were followed according to the documentation Create your Amazon EKS Cluster VPC.

There was also one condition: no worker nodes in public subnets using EIP.

eksctl vs CloudFormation

I will say right away that I tried both methods of deploying a cluster, and in both cases the picture was the same.

I will show an example using eksctl only, since the code is shorter. With eksctl, the cluster is deployed in 3 steps:

1. We create the cluster itself plus a Linux worker node, which will later host the system containers and the ill-fated vpc-controller.

eksctl create cluster \
--name yyy \
--region www \
--version 1.14 \
--vpc-private-subnets=subnet-xxxxx,subnet-xxxxx \
--vpc-public-subnets=subnet-xxxxx,subnet-xxxxx \
--asg-access \
--nodegroup-name linux-workers \
--node-type t3.small \
--node-volume-size 20 \
--ssh-public-key wwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami auto \
--node-private-networking

To deploy into an existing VPC, just specify the IDs of your subnets, and eksctl will determine the VPC itself.

To ensure that your worker nodes are deployed only in a private subnet, you need to specify --node-private-networking for the nodegroup.

2. We install vpc-controller in our cluster. It will then process our worker nodes, counting the number of free IP addresses and the number of ENIs on the instance, and adding and removing them.

eksctl utils install-vpc-controllers --name yyy --approve

3. After your system containers, including vpc-controller, have started successfully on your Linux worker node, all that remains is to create another nodegroup with Windows workers.

eksctl create nodegroup \
--region www \
--cluster yyy \
--version 1.14 \
--name windows-workers \
--node-type t3.small \
--ssh-public-key wwwwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami-family WindowsServer2019CoreContainer \
--node-ami ami-0573336fc96252d05 \
--node-private-networking

After your node has successfully joined your cluster, everything seems to be fine and it is in Ready status, but no.

Error in vpc-controller

If we try to run pods on a Windows worker node, we get the error:

NetworkPlugin cni failed to teardown pod "windows-server-iis-7dcfc7c79b-4z4v7_default" network: failed to parse Kubernetes args: pod does not have label vpc.amazonaws.com/PrivateIPv4Address]

If we look deeper, we see that our instance in AWS looks like this:

[Image]

And it should look like this:

[Image]

From this it is clear that vpc-controller did not do its part for some reason and could not add new IP addresses to the instance for the pods to use.

Let's look at the logs of the vpc-controller pod. This is what we see:

kubectl logs <vpc-controller-pod> -n kube-system

I1011 06:32:03.910140       1 watcher.go:178] Node watcher processing node ip-10-xxx.ap-xxx.compute.internal.
I1011 06:32:03.910162       1 manager.go:109] Node manager adding node ip-10-xxx.ap-xxx.compute.internal with instanceID i-088xxxxx.
I1011 06:32:03.915238       1 watcher.go:238] Node watcher processing update on node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.200423       1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock  pool on node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxxx
E1011 06:32:08.201211       1 watcher.go:183] Node watcher failed to add node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxx
I1011 06:32:08.201229       1 watcher.go:259] Node watcher adding key ip-10-xxx.ap-xxx.compute.internal (0): failed to find the route table for subnet subnet-0xxxx
I1011 06:32:08.201302       1 manager.go:173] Node manager updating node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.201313       1 watcher.go:242] Node watcher failed to update node ip-10-xxx.ap-xxx.compute.internal: node manager: failed to find node ip-10-xxx.ap-xxx.compute.internal.

Searching Google led to nothing, since apparently no one had hit this bug yet, or no one had filed an issue for it, so I had to think through the options myself first. The first thing that came to mind was that perhaps vpc-controller could not resolve ip-10-xxx.ap-xxx.compute.internal and reach it, and that this was why the errors occurred.

Yes, indeed, we use custom DNS servers in the VPC and, in principle, do not use the Amazon ones, so forwarding was not even configured for this ap-xxx.compute.internal domain. I tested this option and it brought no results; perhaps the test was not clean, and so later, when talking to technical support, I went along with their idea.

There were not really any other ideas: all the security groups were created by eksctl itself, so there was no doubt about their correctness, and the route tables were also correct; NAT, DNS and Internet access from the worker nodes were all in place.

Moreover, if you deployed a worker node into a public subnet without using --node-private-networking, the node was immediately updated by vpc-controller and everything worked like clockwork.

There were two options:

  1. Give up and wait until someone describes this bug to AWS and they fix it, and then you can safely use AWS EKS Windows; they had only just released it in GA (8 days had passed at the time of writing this article), so many people would probably follow the same path as me.
  2. Write to AWS Support and describe the problem to them with a whole bunch of logs from everywhere, and prove to them that their service does not work when you use your own VPC and subnets. It is not for nothing that we had Business support; you should use it at least once :)

Communication with AWS engineers

When I created a ticket on the portal, I mistakenly chose to be answered via Web (email or support center). With this option they can take a few days to answer you, even though my ticket had Severity - System impaired, which means a response within <12 hours. Since the Business support plan has 24/7 support, I hoped for the best, but it turned out as always.

My ticket was left unassigned from Friday until Monday. Then I decided to write to them again and chose the Chat response option. After a short wait, Harshad Madhav was assigned to me, and then it began...

We debugged with him online for 3 hours in a row: transferring logs, deploying the same cluster in the AWS lab to emulate the problem, re-creating the cluster on my side, and so on. The only thing we arrived at was that the logs showed that resolution of the internal AWS domain names was not working, which I wrote about above, and Harshad Madhav asked me to set up forwarding, on the grounds that we use custom DNS and this could be the problem.

Forwarding

ap-xxx.compute.internal  -> 10.x.x.2 (VPC CIDRBlock)
amazonaws.com -> 10.x.x.2 (VPC CIDRBlock)

That was done, and the day was over. Harshad Madhav wrote back asking me to check, saying it should work, but no, the resolution did not help at all.

Then I talked to 2 more engineers. One simply dropped out of the chat, apparently afraid of a difficult case. The second spent my day again on a full cycle of debugging, sending logs and creating clusters on both sides, and in the end he simply said: well, it works for me, here I am doing everything step by step from the official documentation, and you will succeed too.

I asked him to step away and hand my ticket to someone else if he did not know where to look for the problem.

Finale

On the third day a new engineer, Arun B., was assigned to me, and from the very start of talking to him it was immediately clear that this was not like the 3 previous engineers. He read the entire history and immediately asked me to collect the logs using his own ps1 script, which is on his GitHub. This was again followed by all the iterations of creating clusters, printing command output and collecting logs, but Arun B. kept moving.

When did we get to the point of enabling -stderrthreshold=debug in their vpc-controller, and what happened next? Of course it does not work :) The pod simply does not start with this option; only -stderrthreshold=info works.

We finished there, and Arun B. said he would try to reproduce my steps to get the same error. The next day I received a reply from Arun B.: he had not dropped the case, but had taken up a code review of their vpc-controller and found the place where it fails and the reason why:

[Image]

So, if you use the main route table in your VPC, then by default it has no associations with the required subnets, and vpc-controller needs those associations. A public subnet, by contrast, has a custom route table that does have an association.

After manually adding associations between the main route table and the required subnets, and re-creating the nodegroup, everything works perfectly.
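A pre-flight check for the condition described above, as an added example that is not from the original article or from AWS: it reads the JSON of `aws ec2 describe-route-tables` for one VPC, flags subnets that have no explicit route table association, and builds the `aws ec2 associate-route-table` calls that add one. The subnet and route table IDs are constructed sample values, and the input is assumed to be filtered to a single VPC.

```python
# Constructed sample shaped like the output of
# `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>`
# (load real output with json.load). All IDs are made up.
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-main0001", "Associations": [
        {"Main": True, "RouteTableAssociationId": "rtbassoc-0001"}]},
    {"RouteTableId": "rtb-public01", "Associations": [
        {"Main": False, "RouteTableAssociationId": "rtbassoc-0002",
         "SubnetId": "subnet-public-a"}]},
]}


def audit_subnet_route_tables(route_tables, subnet_ids):
    """Return ({subnet: explicit route table id or None}, main table id).

    None means the subnet only inherits the VPC main route table, the case
    in which the article's vpc-controller logged
    "failed to find the route table for subnet".
    """
    explicit, main_table = {}, None
    for table in route_tables.get("RouteTables", []):
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_table = table["RouteTableId"]
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table["RouteTableId"]
    return {s: explicit.get(s) for s in subnet_ids}, main_table


def remediation_commands(report, main_table):
    """AWS CLI calls that add the missing explicit associations."""
    if main_table is None:
        raise ValueError("no main route table in the input")
    return [
        "aws ec2 associate-route-table "
        f"--route-table-id {main_table} --subnet-id {subnet}"
        for subnet, table in sorted(report.items()) if table is None
    ]


if __name__ == "__main__":
    subnets = ["subnet-public-a", "subnet-private-a", "subnet-private-b"]
    report, main_table = audit_subnet_route_tables(SAMPLE, subnets)
    for subnet, table in report.items():
        print(subnet, table or f"implicit main ({main_table})")
    print("\n".join(remediation_commands(report, main_table)))
```

Associating a subnet explicitly with the main route table it already inherits does not change its effective routes; it only makes the association explicit, which is the manual fix the article applied before re-creating the nodegroup.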

I hope that Arun B. will really report this bug to the EKS developers and that we will see a new version of vpc-controller in which everything works out of the box. At the moment the latest version, 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/vpc-resource-controller:0.2.1, has this problem.

Thanks to everyone who read to the end. Test everything you are going to use in production before you roll it out.

Source: www.habr.com
