Amazon EKS Windows in GA: buggy, but the fastest

Good afternoon. I want to share my experience of setting up and using the AWS EKS (Elastic Kubernetes Service) service for Windows containers, or rather of the impossibility of using it, and a bug I found in an AWS system container. If you are interested in this service for Windows containers, read on.

I know that Windows containers are not a popular topic and few people use them, but I decided to write this article anyway, since there have been a couple of articles on Habr about Kubernetes and Windows, and such people do still exist.

The beginning

It all started when we decided to migrate our company's services to Kubernetes; they are 70% Windows and 30% Linux. The AWS EKS cloud service was considered as one of the possible options for this. Until October 8, 2019, AWS EKS Windows was in Public Preview. I started with that; it used the old Kubernetes version 1.11, but I decided to check it anyway and see what stage this cloud service was at and whether it worked at all. As it turned out, it did not: there was a bug with adding and removing pods, where the old ones stopped responding via internal IP from the same subnet as the Windows worker node.

So we decided to abandon AWS EKS in favor of our own Kubernetes cluster on the same EC2, only we would have to define all the balancing and HA ourselves through CloudFormation.

Amazon EKS Windows Container Support now Generally Available

by Martin Beeby | on 08 OCT 2019

Before I had time to add the template to CloudFormation for my own cluster, I saw this news: Amazon EKS Windows Container Support now Generally Available.

Of course, I put all my work aside and started studying what they had done for GA and how everything had changed since Public Preview. Yes, well done AWS: they updated the Windows worker node images to version 1.14, and the cluster itself, version 1.14 in EKS, now supports Windows nodes. They closed the Public Preview project on GitHub and said to now use the official documentation here: EKS Windows Support.

Integrating an EKS cluster into an existing VPC and subnets

In all the sources, in the announcement linked above as well as in the documentation, it was suggested to deploy the cluster either through the proprietary eksctl utility or through CloudFormation + kubectl afterwards, using only public subnets in Amazon and creating a separate VPC for the new cluster.

This option is not suitable for many. First, a separate VPC means additional costs for it plus peering traffic to your current VPC. What should those do who already have a ready-made infrastructure in AWS with their own multiple AWS accounts, VPCs, subnets, route tables, transit gateway and so on? Of course, you do not want to break or redo all of this, and you need to integrate the new EKS cluster into the current network infrastructure, using the existing VPC and, for separation, at most creating new subnets for the cluster.

In my case this path was chosen: I used the existing VPC and added only 2 public subnets and 2 private subnets for the new cluster. Of course, all the rules were followed according to the documentation, Create your Amazon EKS Cluster VPC.

There was also one condition: no worker nodes in public subnets using EIP.

eksctl vs CloudFormation

I will say right away that I tried both methods of deploying the cluster, and in both cases the picture was the same.

I will show an example using only eksctl, since the code here will be shorter. With eksctl, deploy the cluster in three steps:

1. We create the cluster itself + a Linux worker node, which will later host the system containers and that same ill-fated vpc-controller.

eksctl create cluster \
--name yyy \
--region www \
--version 1.14 \
--vpc-private-subnets=subnet-xxxxx,subnet-xxxxx \
--vpc-public-subnets=subnet-xxxxx,subnet-xxxxx \
--asg-access \
--nodegroup-name linux-workers \
--node-type t3.small \
--node-volume-size 20 \
--ssh-public-key wwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami auto \
--node-private-networking

To deploy into an existing VPC, just specify the IDs of your subnets, and eksctl will determine the VPC itself.

To ensure that your worker nodes are deployed only to a private subnet, you need to specify --node-private-networking for the nodegroup.

2. We install vpc-controller in our cluster, which will then process our worker nodes, counting the number of free IP addresses as well as the number of ENIs on the instance, adding and removing them.

eksctl utils install-vpc-controllers --name yyy --approve

3. After your system containers have successfully launched on your Linux worker node, including vpc-controller, all that remains is to create another nodegroup with Windows workers.

eksctl create nodegroup \
--region www \
--cluster yyy \
--version 1.14 \
--name windows-workers \
--node-type t3.small \
--ssh-public-key wwwwwwwwww \
--nodes 1 \
--nodes-min 1 \
--nodes-max 2 \
--node-ami-family WindowsServer2019CoreContainer \
--node-ami ami-0573336fc96252d05 \
--node-private-networking

After your node has successfully joined your cluster, everything seems to be fine and it is in Ready status, but no.

Bug in vpc-controller

If we try to run pods on the Windows worker node, we get an error:

NetworkPlugin cni failed to teardown pod "windows-server-iis-7dcfc7c79b-4z4v7_default" network: failed to parse Kubernetes args: pod does not have label vpc.amazonaws.com/PrivateIPv4Address]

If we look deeper, we see that our instance in AWS looks like this:

[image]

But it should look like this:

[image]

From this it is clear that vpc-controller did not do its part for some reason and could not add new IP addresses to the instance so that pods could use them.

Let's look at the logs of the vpc-controller pod, and this is what we see:

kubectl logs -n kube-system <vpc-controller-pod>

I1011 06:32:03.910140       1 watcher.go:178] Node watcher processing node ip-10-xxx.ap-xxx.compute.internal.
I1011 06:32:03.910162       1 manager.go:109] Node manager adding node ip-10-xxx.ap-xxx.compute.internal with instanceID i-088xxxxx.
I1011 06:32:03.915238       1 watcher.go:238] Node watcher processing update on node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.200423       1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock  pool on node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxxx
E1011 06:32:08.201211       1 watcher.go:183] Node watcher failed to add node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxx
I1011 06:32:08.201229       1 watcher.go:259] Node watcher adding key ip-10-xxx.ap-xxx.compute.internal (0): failed to find the route table for subnet subnet-0xxxx
I1011 06:32:08.201302       1 manager.go:173] Node manager updating node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.201313       1 watcher.go:242] Node watcher failed to update node ip-10-xxx.ap-xxx.compute.internal: node manager: failed to find node ip-10-xxx.ap-xxx.compute.internal.

Searching Google did not lead to anything, since apparently no one had hit such a bug yet, or had not posted an issue about it, so I had to think through the options myself first. The first thing that came to mind was that perhaps vpc-controller cannot resolve ip-10-xxx.ap-xxx.compute.internal and reach it, and that is why the errors occur.

Yes, indeed, we use custom DNS servers in the VPC and, in principle, we do not use Amazon's, so forwarding was not even configured for this ap-xxx.compute.internal domain. I tested this option and it did not bring results; perhaps the test was not clean, and so later, when talking to technical support, I went along with their idea.

There were not really any other ideas: all the security groups were created by eksctl itself, so there was no doubt about their correctness; the route tables were also correct; NAT, DNS and Internet access from the worker nodes were also there.

Moreover, if you deploy the worker node to a public subnet without using --node-private-networking, the node was immediately updated by vpc-controller and everything worked like clockwork.

There were two options:

  1. Give up and wait until someone describes this bug to AWS and they fix it, and then you can safely use AWS EKS Windows, because they had only just been released in GA (8 days had passed at the time of writing this article), and many will probably follow the same path as me.
  2. Write to AWS Support and tell them the essence of the problem with the whole bunch of logs from everywhere and prove to them that their service does not work when using your own VPC and subnets; it is not for nothing that we had Business support, you have to use it at least once :)

Communication with AWS engineers

Having created a ticket on the portal, I mistakenly chose to be answered via Web - email or support center; with this option they may answer you only after a few days, despite the fact that my ticket had Severity - System impaired, which implied a response within <12 hours, and since the Business support plan has 12/24 support, I hoped for the best, but it turned out as always.

My ticket was left unassigned from Friday until Monday; then I decided to write to them again and chose the Chat response option. After a short wait, Harshad Madhav was assigned to me, and then it began...

We debugged with him online for 3 hours straight, sending logs, deploying the same cluster in the AWS lab to reproduce the problem, re-creating the cluster on my side, and so on. The only thing we came to was that from the logs it was clear that resolution of AWS internal domain names was not working, which I wrote about above, and Harshad Madhav asked me to set up forwarding, saying that we use custom DNS and this could be the problem.

Forwarding

ap-xxx.compute.internal  -> 10.x.x.2 (VPC CIDRBlock)
amazonaws.com -> 10.x.x.2 (VPC CIDRBlock)

Which is what was done; the day was over.

Then there was communication with 2 more engineers. One simply dropped out of the chat, apparently scared of a difficult case; the second spent my day again on a full cycle of debugging, sending logs and creating clusters on both sides, and in the end simply said: well, it works for me, here I do everything step by step from the official documentation, and you will succeed too.

To which I politely asked him to leave and assign someone else to my ticket if you do not know where to look for the problem.

Finale

On the third day a new engineer, Arun B., was assigned to me, and from the very start of communication with him it was immediately clear that this was not like the 3 previous engineers. He read the whole history and immediately asked to collect logs using his own ps1 script, which was on his GitHub. This was again followed by all the iterations of creating clusters, outputting command results and collecting logs, but Arun B. was moving in the right direction, judging by the questions he asked me.

When did we get to the point of enabling -stderrthreshold=debug in their vpc-controller, and what happened next? Of course, it does not work :) the pod simply does not start with this option; only -stderrthreshold=info works.

We ended there, and Arun B. said he would try to reproduce my steps to get the same error. The next day I received a response from Arun B.: he did not abandon this case, but took up reviewing the vpc-controller code and found the place where, and why, it does not work:

[image]

So, if you use the main route table in your VPC, then by default it has no associations with the required subnets, which vpc-controller so badly needs; in the case of a public subnet, it has a custom route table that does have the association.

By manually adding associations of the main route table with the required subnets and re-creating the nodegroup, everything works perfectly.
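Added example (not from the original article, from AWS or from the vpc-controller code): a pre-flight check for the condition described above. It reads output in the shape of `aws ec2 describe-route-tables`, lists the cluster subnets that have no explicit route table association, and prints the `aws ec2 associate-route-table` commands for the manual fix. All IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-route-tables`
# (all IDs are made up). rtb-main is the VPC main route table; only
# subnet-pub1 has an explicit association, with the custom table rtb-public.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
   "Associations": [{"Main": true, "RouteTableId": "rtb-main"}]},
  {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
   "Associations": [{"Main": false, "RouteTableId": "rtb-public",
                     "SubnetId": "subnet-pub1"}]}
]}
""")


def explicit_associations(route_tables):
    """Map subnet ID -> route table ID for explicit associations only."""
    explicit = {}
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table["RouteTableId"]
    return explicit


def main_route_table(route_tables, vpc_id):
    """Return the ID of the main route table of vpc_id, or None."""
    for table in route_tables["RouteTables"]:
        is_main = any(a.get("Main") for a in table.get("Associations", []))
        if table.get("VpcId") == vpc_id and is_main:
            return table["RouteTableId"]
    return None


def plan_fix(route_tables, vpc_id, cluster_subnets):
    """Return (subnets lacking an explicit association, CLI commands)."""
    explicit = explicit_associations(route_tables)
    implicit = [s for s in cluster_subnets if s not in explicit]
    main = main_route_table(route_tables, vpc_id)
    if implicit and main is None:
        raise ValueError(f"no main route table found for {vpc_id}")
    cmd = "aws ec2 associate-route-table --route-table-id {} --subnet-id {}"
    return implicit, [cmd.format(main, s) for s in implicit]


if __name__ == "__main__":
    for line in plan_fix(SAMPLE, "vpc-1", ["subnet-pub1", "subnet-priv1"])[1]:
        print(line)
```

Run it against the subnets passed to --vpc-private-subnets and --vpc-public-subnets before creating the Windows nodegroup; an empty list means every cluster subnet already has an explicit association.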

I hope Arun B. will indeed report this bug to the EKS developers and we will see a new version of vpc-controller where everything works out of the box. At the moment the latest version, 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/vpc-resource-controller:0.2.1, has this problem.

Thanks to everyone who read to the end; test everything you are going to use in production before rolling it out.

Source: www.habr.com
