Amazon EKS Windows in GA has bugs, but it is very fast


Good evening. I want to share my experience of setting up and using the AWS EKS (Elastic Kubernetes Service) service for Windows containers, or rather the impossibility of using it, and the bug found in an AWS container. If you are interested in this service for Windows containers, please read on.

I know that Windows containers are not a popular topic and that few people use them, but I still decided to write this article, since there were a few articles on Habr about Kubernetes and Windows, and such people do still exist.

The beginning

It all started when it was decided to migrate our company, which is 70% Windows and 30% Linux, to Kubernetes. For this purpose, the AWS EKS cloud service was considered as one of the possible options. Until October 8, 2019, AWS EKS Windows was in Public Preview. I started with it; the old 1.11 version of Kubernetes was used there, but I decided to check it anyway and see what state this cloud service was in and whether it worked at all. As it turned out, it did not: there was a bug with adding and removing pods, where the old ones stopped responding via internal IP from the same subnet as the Windows worker node.

Therefore, it was decided to abandon AWS EKS in favor of our own Kubernetes cluster on the same EC2, only we would have to describe all the balancing and HA ourselves through CloudFormation.

Amazon EKS Windows Container Support now Generally Available

by Martin Beeby | on 08 OCT 2019

Before I had time to add a template to CloudFormation for my own cluster, I saw this news: Amazon EKS Windows Container Support now Generally Available.

Of course, I put all my work aside and started studying what they had done for GA and how everything had changed since Public Preview. Yes, AWS, well done, updated the Windows worker node images to version 1.14, and the cluster itself, version 1.14 in EKS, now supports Windows nodes. They shut down the Public Preview project on GitHub and said to use the official documentation from now on: EKS Windows Support.

Integrating an EKS cluster into an existing VPC and subnets

In all the sources, both the announcement linked above and the documentation, it was suggested to deploy the cluster either via the eksctl utility or via CloudFormation + kubectl afterwards, using the subnets in Amazon and creating a separate VPC for the new cluster.

This option is not suitable for many. First, a separate VPC means additional costs for it plus peering traffic to your current VPC. What about those who already have a ready-made infrastructure in AWS with their own multiple AWS accounts, VPCs, subnets, route tables, transit gateways and so on? Of course, you do not want to break or redo all of that, and you need to integrate the new EKS cluster into the current network infrastructure, using the existing VPC and, for separation, at most creating new subnets for the cluster.

In my case, this path was chosen: I used the existing VPC and added 2 public subnets and private subnets for the new cluster. Of course, all the rules were taken into account according to the documentation, Create your Amazon EKS Cluster VPC.

There was also one condition: no worker nodes in public subnets using EIP.

eksctl vs CloudFormation

I will say right away that I tried both methods of deploying the cluster, and in both cases the picture was the same.

I will show an example using eksctl, since the code here will be shorter. Using eksctl, deploy the cluster in 3 steps:

1. We create the cluster itself plus a Linux worker node, which will later host the system containers and that same vpc-controller.

eksctl create cluster \
  --name yyy \
  --region www \
  --version 1.14 \
  --vpc-private-subnets=subnet-xxxxx,subnet-xxxxx \
  --vpc-public-subnets=subnet-xxxxx,subnet-xxxxx \
  --asg-access \
  --nodegroup-name linux-workers \
  --node-type t3.small \
  --node-volume-size 20 \
  --ssh-public-key wwwwwwww \
  --nodes 1 \
  --nodes-min 1 \
  --nodes-max 2 \
  --node-ami auto \
  --node-private-networking

To deploy into an existing VPC, just specify the IDs of your subnets, and eksctl will determine the VPC itself.

To make sure your worker nodes are deployed only into a private subnet, you need to specify --node-private-networking for the nodegroup.

2. We install vpc-controller in our cluster, which will then process our worker nodes, counting the number of free IP addresses as well as the number of ENIs on the instance, adding and removing them.

eksctl utils install-vpc-controllers --name yyy --approve

3. After your system containers have started successfully on your Linux worker node, including vpc-controller, all that remains is to create another nodegroup with Windows workers.

eksctl create nodegroup \
  --region www \
  --cluster yyy \
  --version 1.14 \
  --name windows-workers \
  --node-type t3.small \
  --ssh-public-key wwwwwwwwww \
  --nodes 1 \
  --nodes-min 1 \
  --nodes-max 2 \
  --node-ami-family WindowsServer2019CoreContainer \
  --node-ami ami-0573336fc96252d05 \
  --node-private-networking

After your node has successfully joined your cluster, everything seems fine and it is in Ready status, but no.

Error in vpc-controller

If we try to run pods on a Windows worker node, we get the error:

NetworkPlugin cni failed to teardown pod "windows-server-iis-7dcfc7c79b-4z4v7_default" network: failed to parse Kubernetes args: pod does not have label vpc.amazonaws.com/PrivateIPv4Address]

If we look deeper, we see that our instance in AWS looks like this:

[Image in the original article]

And it should look like this:

[Image in the original article]

From this it is clear that vpc-controller did not do its part for some reason and could not add new IP addresses to the instance for the pods to use.

Let's look at the logs of the vpc-controller pod, and this is what we see:

kubectl logs -n kube-system <vpc-controller-pod-name>

I1011 06:32:03.910140       1 watcher.go:178] Node watcher processing node ip-10-xxx.ap-xxx.compute.internal.
I1011 06:32:03.910162       1 manager.go:109] Node manager adding node ip-10-xxx.ap-xxx.compute.internal with instanceID i-088xxxxx.
I1011 06:32:03.915238       1 watcher.go:238] Node watcher processing update on node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.200423       1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock  pool on node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxxx
E1011 06:32:08.201211       1 watcher.go:183] Node watcher failed to add node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxx
I1011 06:32:08.201229       1 watcher.go:259] Node watcher adding key ip-10-xxx.ap-xxx.compute.internal (0): failed to find the route table for subnet subnet-0xxxx
I1011 06:32:08.201302       1 manager.go:173] Node manager updating node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.201313       1 watcher.go:242] Node watcher failed to update node ip-10-xxx.ap-xxx.compute.internal: node manager: failed to find node ip-10-xxx.ap-xxx.compute.internal.

Searching on Google led to nothing, since apparently no one had caught this bug yet, or had not posted an issue about it, so I had to think through the options myself first. The first thing that came to mind was that perhaps vpc-controller cannot resolve ip-10-xxx.ap-xxx.compute.internal and reach it, and that is why the errors occur.

Yes, indeed, we use custom DNS servers in the VPC and, in principle, do not use Amazon's, so forwarding was not even configured for this ap-xxx.compute.internal domain. I tested this option, and it brought no results. Perhaps the test was not clean, which is why later, when talking with technical support, I gave in to their idea.

Since there were no real ideas: all the security groups were created by eksctl itself, so there was no doubt about their correctness; the route tables were also correct; NAT, DNS and internet access from the worker nodes were also there.

Moreover, if you deploy a worker node into a public subnet without using --node-private-networking, this node was immediately updated by vpc-controller and everything worked like clockwork.

There were two options:

  1. Give up and wait until someone describes this bug in AWS and they fix it, and then you can safely use AWS EKS Windows, since it had only just been released to GA (8 days had passed at the time of writing this article). Many will probably follow this same path.
  2. Write to AWS Support and tell them the essence of the problem, with a whole pile of logs from everywhere, and prove to them that their service does not work when using your own VPC and subnets. It is not for nothing that we had Business support; you should use it at least once :)

Communicating with AWS engineers

Having created a ticket on the portal, I mistakenly chose to be answered via Web - email or support center. Through this option they may answer you after several days, even though my ticket had Severity - System impaired, which implied a response within <12 hours, and since the Business support plan has 24/7 support, I hoped for the best, but it turned out as always.

My ticket was left unassigned from Friday to Monday, so I decided to write to them again and chose the Chat response option. After a short wait, Harshad Madhav was assigned to me, and then it began...

We debugged online for 3 hours straight, transferring logs, deploying the same cluster in the AWS lab to emulate the problem, re-creating the cluster on my side, and so on. The only thing we came to was that the logs made it clear that resolving of AWS internal names was not working, which I wrote about above, and Harshad Madhav asked me to set up forwarding, saying that we use custom DNS and this could be a problem.

Forwarding

ap-xxx.compute.internal  -> 10.x.x.2 (VPC CIDRBlock)
amazonaws.com -> 10.x.x.2 (VPC CIDRBlock)

That is what was done, and the day ended. Harshad Madhav wrote back asking me to check it and saying it should work, but no, the solution did not help at all.

Then there was communication with 2 more engineers. One simply dropped out of the chat, apparently afraid of a complex case. The second spent my day again on a full cycle of debugging, sending logs and creating clusters on both sides, and in the end he simply said, well, it works for me, here I do everything step by step according to the official documentation, and you will succeed too.

To which I politely asked him to leave and assign someone else to my ticket if you do not know where to look for the problem.

Finale

On the third day, a new engineer, Arun B., was assigned to me, and from the very beginning of communicating with him it was immediately clear that he was not like the 3 previous engineers. He read the whole history and immediately asked me to collect the logs using his own ps1 script, which was on his GitHub. This was again followed by all the iterations of creating clusters, outputting command results and collecting logs, but Arun B. was moving in the right direction, judging by the questions he asked me.

When did we get to enabling -stderrthreshold=debug in their vpc-controller, and what happened next? Of course it does not work :) The pod simply does not start with this option; only -stderrthreshold=info works.

We finished here, and Arun B. said that he would try to reproduce my steps to get the same error. The next day I received a reply from Arun B. He had not dropped this case; instead he took up reviewing the code of their vpc-controller and found the place where it is and why it does not work:

[Image in the original article]

Thus, if you use the main route table in your VPC, then by default it has no associations with the required subnets, which are so necessary for vpc-controller. In the case of a public subnet, it has a custom route table that has an association.

By manually adding associations for the main route table with the required subnets, and re-creating the nodegroup, everything works perfectly.
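A pre-flight check for the condition described above, as an added example that is not part of the original article or of AWS's code: it reads the output of `aws ec2 describe-route-tables` for the VPC, finds the cluster subnets that have no explicit route table association, and builds the `aws ec2 associate-route-table` commands that attach them to the main route table. The JSON and all IDs are constructed sample data.

```python
import json

# Constructed sample shaped like the output of
#   aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>
# All IDs are placeholders, not values from the article.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "Associations": [
    {"RouteTableAssociationId": "rtbassoc-1", "Main": true}]},
  {"RouteTableId": "rtb-public", "Associations": [
    {"RouteTableAssociationId": "rtbassoc-2", "Main": false,
     "SubnetId": "subnet-public-a"}]}
]}
""")


def explicit_associations(response):
    """Map subnet ID -> route table ID, explicit associations only."""
    found = {}
    for table in response["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                found[assoc["SubnetId"]] = table["RouteTableId"]
    return found


def main_route_table(response):
    """Return the ID of the VPC's main route table, or None."""
    for table in response["RouteTables"]:
        if any(a.get("Main") for a in table.get("Associations", [])):
            return table["RouteTableId"]
    return None


def plan_associations(response, cluster_subnets):
    """Commands that give every implicit subnet an explicit association."""
    explicit = explicit_associations(response)
    missing = [s for s in cluster_subnets if s not in explicit]
    main = main_route_table(response)
    if missing and main is None:
        raise ValueError("no main route table found; filter by one VPC")
    return [
        f"aws ec2 associate-route-table --route-table-id {main} --subnet-id {s}"
        for s in missing
    ]


if __name__ == "__main__":
    subnets = ["subnet-public-a", "subnet-private-a", "subnet-private-b"]
    for command in plan_associations(SAMPLE, subnets):
        print(command)
```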

I hope that Arun B. will really report this bug to the EKS developers and that we will see a new version of vpc-controller where everything works out of the box. Currently the latest version is 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/vpc-resource-controller:0.2.1, and it has this problem.

Thanks to everyone who read to the end. Test everything you are going to use in production before implementing it.

Source: www.habr.com
