Amazon EKS Windows in GA has bugs, but is the fastest


Good afternoon. I want to share my experience of setting up and using the AWS EKS (Elastic Kubernetes Service) service for Windows containers, or rather of the impossibility of using it, and the bug found in an AWS system container. For those who are interested in this service for Windows containers, read on.

I know that Windows containers are not a popular topic and that few people use them, but I still decided to write this article, since there are only a couple of articles on Habr about kubernetes and Windows, and such people do still exist.

The beginning

It all began when it was decided to migrate the services in our company, which are 70% Windows and 30% Linux, to kubernetes. For this purpose, the AWS EKS cloud service was considered as one possible option. Until October 8, 2019, AWS EKS Windows was in Public Preview. I started with it; the old 1.11 version of kubernetes was used there, but I decided to check it anyway and see what stage this cloud service was at and whether it worked at all. As it turned out, no: there was a bug with adding and removing pods, in which the old ones stopped responding via internal IP from the same subnet as the Windows worker node.

Therefore, it was decided to abandon AWS EKS in favor of our own kubernetes cluster on the same EC2, except that we would have to describe all the balancing and HA ourselves via CloudFormation.

Amazon EKS Windows Container Support now Generally Available

by Martin Beeby | on 08 OCT 2019

Before I had time to add a template to CloudFormation for my own cluster, I saw this news: Amazon EKS Windows Container Support now Generally Available

Of course, I put all my work aside and began studying what they had done for GA and how everything had changed since Public Preview. Yes, well done, AWS: they updated the images for the Windows worker node to version 1.14, and the cluster itself, version 1.14 in EKS, now supports Windows nodes. They closed the Public Preview project on github and said to now use the official documentation here: EKS Windows Support

Integrating an EKS cluster into the current VPC and subnets

In all sources, in the announcement linked above as well as in the documentation, it was proposed to deploy the cluster either through the eksctl utility or through CloudFormation + kubectl afterwards, using only public subnets in Amazon, and creating a separate VPC for the new cluster.

This option does not suit many people. First, a separate VPC means additional costs for it + peering traffic to your current VPC. What should those do who already have a ready-made infrastructure in AWS with their own multiple AWS accounts, VPCs, subnets, route tables, transit gateway and so on? Of course, you don't want to break or redo all of this, and you need to integrate the new EKS cluster into the current network, using the existing VPC and, for separation, at most creating new subnets for the cluster.

In my case, this path was chosen: I used the existing VPC and added only 2 public subnets and 2 private subnets for the new cluster. Of course, all the rules were taken into account according to the documentation, Create your Amazon EKS Cluster VPC.

There was also one condition: no worker nodes in public subnets using EIP.

eksctl vs CloudFormation

I'll make a reservation right away that I tried both methods of deploying the cluster; in both cases the picture was the same.

I'll show an example using eksctl only, since the code here will be shorter. With eksctl, deploy the cluster in 3 steps:

1. We create the cluster itself + a Linux worker node, which will later host the system containers and that same ill-fated vpc-controller.

eksctl create cluster \
--name yyy \
--region www \
--version 1.14 \
--vpc-private-subnets=subnet-xxxxx,subnet-xxxxx \
--vpc-public-subnets=subnet-xxxxx,subnet-xxxxx \
--asg-access \
--nodegroup-name linux-workers \
--node-type t3.small \
--node-volume-size 20 \
--ssh-public-key wwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami auto \
--node-private-networking

To deploy into an existing VPC, just specify the IDs of your subnets, and eksctl will determine the VPC itself.

To ensure that your worker nodes are deployed only in a private subnet, you must specify --node-private-networking for the nodegroup.

2. We install vpc-controller in our cluster, which will then process our worker nodes, counting the number of free IP addresses as well as the number of ENIs on the instance, adding and removing them.

eksctl utils install-vpc-controllers --name yyy --approve

3. After your system containers have successfully started on your Linux worker node, including vpc-controller, all that remains is to create another nodegroup with Windows workers.

eksctl create nodegroup \
--region www \
--cluster yyy \
--version 1.14 \
--name windows-workers \
--node-type t3.small \
--ssh-public-key wwwwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami-family WindowsServer2019CoreContainer \
--node-ami ami-0573336fc96252d05 \
--node-private-networking

After your node has successfully joined your cluster, everything seems fine and it is in Ready status, but no.

Error in vpc-controller

If we try to run pods on a Windows worker node, we get the error:

NetworkPlugin cni failed to teardown pod "windows-server-iis-7dcfc7c79b-4z4v7_default" network: failed to parse Kubernetes args: pod does not have label vpc.amazonaws.com/PrivateIPv4Address]

If we look deeper, we see that our instance in AWS looks like this:

[screenshot]

And it should look like this:

[screenshot]

From this it is clear that vpc-controller did not do its part for some reason and could not add new IP addresses to the instance so that the pods could use them.

Let's look at the logs of the vpc-controller pod, and this is what we see:

kubectl logs <vpc-controller-pod> -n kube-system

I1011 06:32:03.910140       1 watcher.go:178] Node watcher processing node ip-10-xxx.ap-xxx.compute.internal.
I1011 06:32:03.910162       1 manager.go:109] Node manager adding node ip-10-xxx.ap-xxx.compute.internal with instanceID i-088xxxxx.
I1011 06:32:03.915238       1 watcher.go:238] Node watcher processing update on node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.200423       1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock  pool on node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxxx
E1011 06:32:08.201211       1 watcher.go:183] Node watcher failed to add node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxx
I1011 06:32:08.201229       1 watcher.go:259] Node watcher adding key ip-10-xxx.ap-xxx.compute.internal (0): failed to find the route table for subnet subnet-0xxxx
I1011 06:32:08.201302       1 manager.go:173] Node manager updating node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.201313       1 watcher.go:242] Node watcher failed to update node ip-10-xxx.ap-xxx.compute.internal: node manager: failed to find node ip-10-xxx.ap-xxx.compute.internal.

A Google search led to nothing, since apparently no one had caught this bug yet, or had not posted an issue about it, so I had to think up options myself first. The first thing that came to mind was that perhaps vpc-controller cannot resolve ip-10-xxx.ap-xxx.compute.internal and reach it, and that this is why the errors occur.

Yes, indeed, we use custom DNS servers in the VPC and, in principle, we don't use the Amazon ones, so forwarding was not even configured for this ap-xxx.compute.internal domain. I tested this option, and it brought no results; perhaps the test was not clean, and therefore later, when communicating with support, I went along with their idea.

There weren't really any other ideas: all security groups were created by eksctl itself, so there was no doubt about their serviceability; the route tables were also correct; NAT, DNS and Internet access from the worker nodes were also there.

Moreover, if you deployed a worker node to a public subnet without using --node-private-networking, the node was immediately updated by vpc-controller and everything worked like clockwork.

There were two options:

  1. Give up and wait until someone describes this bug to AWS and they fix it, and then you can safely use AWS EKS Windows, since they had only just released it in GA (8 days had passed at the time of writing this article); many will probably follow the same path as me.
  2. Write to AWS Support and tell them the essence of the problem with a whole bunch of logs from everywhere, and prove to them that their service does not work when using your own VPC and subnets. It's not for nothing that we have Business support; you should use it at least once :)

Communication with AWS engineers

Having created a ticket on the portal, I mistakenly chose to be answered via Web - email or support center; with this option they can take a few days to answer you at all, even though my ticket had Severity - System impaired, which means a response within <12 hours. Since the Business support plan has 24/7 support, I hoped for the best, but it turned out as always.

My ticket was left unassigned from Friday until Monday, then I decided to write to them again and chose the chat option. After a short wait, Harshad Madhav was assigned to meet me, and then it began ...

We debugged with him online for 3 hours straight, transferring logs, deploying the same cluster in the AWS lab to emulate the problem, re-creating the cluster on my side, and so on. The only thing we arrived at was that, from the logs, it was clear that resolution of the AWS internal domain names, which I wrote about above, was not working, and Harshad Madhav asked me to create forwarding, allegedly because we use custom DNS and this could be the problem.

Forwarding

ap-xxx.compute.internal  -> 10.x.x.2 (VPC CIDRBlock)
amazonaws.com -> 10.x.x.2 (VPC CIDRBlock)

That was done, and the day was over. Harshad Madhav wrote back to check it and that it should work, but no, the resolution did not help at all.

Then there was communication with 2 more engineers. One simply dropped out of the chat, apparently afraid of a difficult case. The second spent another day of mine on a full cycle of debugging, sending logs and creating clusters on both sides, and in the end he just said: well, it works for me, here I am doing everything step by step by the official documentation, and you will succeed too.

To which I told him to leave and to assign someone else to my ticket if you don't know where to look for the problem.

Finale

On the third day, a new engineer, Arun B., was assigned to me, and from the very beginning of communicating with him it was immediately clear that this was not like the 3 previous engineers. He read the entire history and immediately asked to collect the logs using his own ps1 script, which was on his github. This was again followed by all the iterations of creating clusters, outputting command results and collecting logs, but Arun B. was moving in the right direction, judging by the questions he asked me.

At some point we got to enabling -stderrthreshold=debug in their vpc-controller, and what happened next? Of course it doesn't work :) The pod simply does not start with this option; only -stderrthreshold=info works.

We finished here, and Arun B. said that he would try to reproduce my steps to get the same error. The next day I received a response from Arun B.: he had not abandoned this case, but had taken up a code review of their vpc-controller and found the place where it fails, and why:

[screenshot]

Thus, if you use the main route table in your VPC, then by default it has no associations with the required subnets, and vpc-controller needs those associations. A public subnet, by contrast, has a custom route table that does have an association.

After manually adding associations between the main route table and the required subnets, and re-creating the nodegroup, everything works perfectly.
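The root cause described above can be checked before a nodegroup is created. The following is an added example, not code from the article or from AWS: it pulls the subnet IDs out of vpc-controller errors and reports which subnets have no explicit route table association. The response, the log line and all resource IDs are constructed samples.

```python
import re

# Constructed sample in the shape of an EC2 DescribeRouteTables response; with boto3:
#   boto3.client("ec2").describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])
SAMPLE_RESPONSE = {"RouteTables": [
    # Main route table: applies implicitly to subnets with no association of their own.
    {"RouteTableId": "rtb-main0001",
     "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}]},
    # Custom route table explicitly associated with a public subnet.
    {"RouteTableId": "rtb-public01",
     "Associations": [{"Main": False, "RouteTableId": "rtb-public01",
                       "SubnetId": "subnet-pub00001"}]},
]}

# Constructed log line in the format of the vpc-controller errors shown earlier.
SAMPLE_LOG = (
    "E1011 06:32:08.200423       1 manager.go:126] Node manager failed to get resource "
    "vpc.amazonaws.com/CIDRBlock  pool on node ip-10-xxx.ap-xxx.compute.internal: "
    "failed to find the route table for subnet subnet-priv0001\n"
)

ERR = re.compile(r"failed to find the route table for subnet (subnet-[0-9a-z]+)")


def failing_subnets(log_text):
    """Subnet IDs named in 'failed to find the route table' controller errors."""
    return sorted(set(ERR.findall(log_text)))


def explicit_associations(response):
    """Map subnet ID -> route table ID, counting explicit associations only."""
    found = {}
    for table in response.get("RouteTables", []):
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):  # the main-table entry carries no SubnetId
                found[assoc["SubnetId"]] = table["RouteTableId"]
    return found


def preflight(subnet_ids, response):
    """Return {subnet: route table ID, or None if it relies on the main table}."""
    explicit = explicit_associations(response)
    return {s: explicit.get(s) for s in subnet_ids}


if __name__ == "__main__":
    subnets = ["subnet-pub00001"] + failing_subnets(SAMPLE_LOG)
    for subnet, table in preflight(subnets, SAMPLE_RESPONSE).items():
        print(subnet, "->", table or "no explicit association (implicit main table)")
```

A subnet reported as `None` is one that would need an explicit association added before the Windows nodegroup is created.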

I hope Arun B. will really report this bug to the EKS developers and we will see a new version of vpc-controller where everything works out of the box. Currently the latest version is 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/vpc-resource-controller:0.2.1, and it has this problem.

Thanks to everyone who read to the end; test everything you are going to use in production before you roll it out.

Source: www.hab.com
