Lumela, ke batla ho arolelana le uena boiphihlelo ba ka ba ho theha le ho sebelisa ts'ebeletso ea AWS EKS (Elastic Kubernetes Service) bakeng sa lijana tsa Windows, kapa ho fapana le hoo ka ho se khonehe ho e sebelisa, le kokoana e fumanehang ka har'a sets'oants'o sa sistimi ea AWS, bakeng sa bao. ba thahasellang tšebeletso ena bakeng sa lijana tsa Windows, ka kopo tlas'a katse.
Kea tseba hore lijana tsa Windows ha se taba e tsebahalang, 'me ke batho ba fokolang ba li sebelisang, empa ke ntse ke nkile qeto ea ho ngola sengoloa sena, kaha ho ne ho e-na le lingoliloeng tse' maloa ka Habré ka kubernetes le Windows mme ho ntse ho e-na le batho ba joalo.
Tšimoloho
Tsohle li qalile ha ho etsoa qeto ea ho fallisetsa litšebeletso k'hamphaning ea rona ho kubernetes, e leng 70% Windows le 30% Linux. Bakeng sa morero ona, tšebeletso ea leru ea AWS EKS e ne e nkoa e le e 'ngoe ea likhetho tse ka khonehang. Ho fihlela la 8 Mphalane 2019, AWS EKS Windows e ne e le Ponong ea Sechaba, ke ile ka qala ka eona, mofuta oa khale oa 1.11 oa kubernetes o ne o sebelisoa moo, empa ke ile ka etsa qeto ea ho e hlahloba le ho bona hore na tšebeletso ena ea leru e ne e le boemong bofe, hore na e ne e sebetsa. ho hang, ha e le hantle, ha ho joalo, ho ne ho e-na le kokoanyana e nang le ho eketsoa ha li-pods, ha ba khale ba khaotsa ho arabela ka ip e ka hare ho tloha subnet e tšoanang le node ea basebetsi ba lifensetere.
Ka hona, ho ile ha etsoa qeto ea ho tlohela tšebeliso ea AWS EKS molemong oa sehlopha sa rona sa kubernetes ho EC2 e tšoanang, feela re tla tlameha ho hlalosa ho leka-lekanya le HA rona ka CloudFormation.
Amazon EKS Windows Container Support e se e fumaneha ka kakaretso
ka Martin Beeby | ka 08 OCT 2019
Pele ke ba le nako ea ho eketsa template ho CloudFormation bakeng sa sehlopha sa ka, ke bone litaba tsena
Ha e le hantle, ke ile ka beha mosebetsi oa ka ka thōko 'me ka qala ho ithuta seo ba se entseng bakeng sa GA, le hore na ntho e' ngoe le e 'ngoe e fetohile joang ka Public Preview. E, AWS, e entsoe hantle, e ntlafalitse litšoantšo tsa lifensetere node ea basebetsi ho version 1.14, hammoho le sehlopha ka boeona, phetolelo ea 1.14 ho EKS, joale e tšehetsa li-node tsa lifensetere. Project by Public Preview at Ba ile ba e koahela mme ba re joale sebelisa litokomane tsa molao mona:
Ho kopanya sehlopha sa EKS ho VPC ea hajoale le li-subnets
Mehloling eohle, sehokelong se kaholimo ho phatlalatso le litokomaneng, ho ile ha etsoa tlhahiso ea ho tsamaisa sehlopha ka ts'ebeliso ea eksctl kapa ka CloudFormation + kubectl kamora, ho sebelisa li-subnets tsa sechaba ho Amazon, hammoho le ho theha marang-rang. arola VPC bakeng sa sehlopha se secha.
Khetho ena ha e ea lokela ba bangata; pele, VPC e arohaneng e bolela litšenyehelo tse eketsehileng bakeng sa litšenyehelo tsa eona + ho sheba sephethephethe ho VPC ea hau ea hajoale. Ke eng eo ba seng ba ntse ba e-na le meaho e lokiselitsoeng ho AWS ka li-account tsa bona tse ngata tsa AWS, VPC, subnets, litafole tsa litsela, liheke tsa lipalangoang joalo-joalo? Ha e le hantle, ha u batle ho senya kapa ho etsa sena sohle, 'me u hloka ho kopanya sehlopha se secha sa EKS ho lisebelisoa tsa marang-rang tsa hona joale, u sebelisa VPC e teng,' me, bakeng sa karohano, hangata u theha li-subnets tse ncha bakeng sa sehlopha.
Tabeng ea ka, tsela ena e khethiloe, ke sebelisitse VPC e teng, ka eketsa li-subnets tsa sechaba tsa 2 feela le li-subnets tse 2 tsa poraefete bakeng sa sehlopha se secha, ha e le hantle, melao eohle e ile ea nkoa ho latela litokomane. .
Ho ne ho boetse ho e-na le boemo bo le bong: ha ho na li-node tsa basebetsi ho li-subnet tsa sechaba tse sebelisang EIP.
eksctl vs CloudFormation
Ke tla etsa pehelo hang-hang hore ke lekile mekhoa e 'meli ea ho tsamaisa sehlopha, maemong a mabeli setšoantšo se ne se tšoana.
Ke tla bontša mohlala feela ke sebelisa eksctl kaha khoutu mona e tla ba khuts'oane. U sebelisa eksctl, tsamaisa sehlopha ka mehato e 3:
1. Re theha sehlopha ka boeona + Linux worker node, eo hamorao e tla amohela lijana tsa tsamaiso le eona e sa sebetseng hantle vpc-controller.
eksctl create cluster
--name yyy
--region www
--version 1.14
--vpc-private-subnets=subnet-xxxxx,subnet-xxxxx
--vpc-public-subnets=subnet-xxxxx,subnet-xxxxx
--asg-access
--nodegroup-name linux-workers
--node-type t3.small
--node-volume-size 20
--ssh-public-key wwwwwwww
--nodes 1
--nodes-min 1
--nodes-max 2
--node-ami auto
--node-private-networkingE le hore u romele VPC e teng, hlalosa feela id ea subnets ea hau, 'me eksctl e tla khetholla VPC ka boeona.
Ho netefatsa hore li-node tsa hau tsa basebetsi li romelloa feela ho subnet ea poraefete, o hloka ho hlakisa --node-private-networking bakeng sa nodegroup.
2. Re kenya vpc-controller sehlopheng sa rona, se tla sebetsana le li-node tsa basebetsi ba rona, ho bala palo ea liaterese tsa mahala tsa IP, hammoho le palo ea ENIs ka mohlala, ho li eketsa le ho li tlosa.
eksctl utils install-vpc-controllers --name yyy --approve3.Ka mor'a hore li-container tsa hau tsa tsamaiso li hlahisoe ka katleho ho node ea basebetsi ba Linux, ho kenyelletsa le vpc-controller, se setseng ke ho theha sehlopha se seng se nang le lifensetere basebetsi.
eksctl create nodegroup
--region www
--cluster yyy
--version 1.14
--name windows-workers
--node-type t3.small
--ssh-public-key wwwwwwwwww
--nodes 1
--nodes-min 1
--nodes-max 2
--node-ami-family WindowsServer2019CoreContainer
--node-ami ami-0573336fc96252d05
--node-private-networkingKamora hore node ea hau e hokahane ka katleho le sehlopha sa hau mme tsohle li bonahala li lokile, e maemong a Ready, empa che.
Phoso ho vpc-controller
Haeba re leka ho tsamaisa li-pods ho node ea basebetsi ba windows, re tla fumana phoso:
NetworkPlugin cni failed to teardown pod "windows-server-iis-7dcfc7c79b-4z4v7_default" network: failed to parse Kubernetes args: pod does not have label vpc.amazonaws.com/PrivateIPv4Address]Haeba re sheba ka botebo, re bona hore mohlala oa rona ho AWS o shebahala tjena:
'Me e lokela ho ba tjena:
Ho tloha ho sena ho hlakile hore vpc-controller ha aa ka a phethahatsa karolo ea eona ka lebaka le itseng 'me a sitoa ho eketsa liaterese tse ncha tsa IP ho mohlala e le hore li-pods li ka li sebelisa.
Ha re shebeng lits'oants'o tsa vpc-controller pod mme sena ke seo re se bonang:
kubectl log -n be-system
I1011 06:32:03.910140 1 watcher.go:178] Node watcher processing node ip-10-xxx.ap-xxx.compute.internal.
I1011 06:32:03.910162 1 manager.go:109] Node manager adding node ip-10-xxx.ap-xxx.compute.internal with instanceID i-088xxxxx.
I1011 06:32:03.915238 1 watcher.go:238] Node watcher processing update on node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.200423 1 manager.go:126] Node manager failed to get resource vpc.amazonaws.com/CIDRBlock pool on node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxxx
E1011 06:32:08.201211 1 watcher.go:183] Node watcher failed to add node ip-10-xxx.ap-xxx.compute.internal: failed to find the route table for subnet subnet-0xxx
I1011 06:32:08.201229 1 watcher.go:259] Node watcher adding key ip-10-xxx.ap-xxx.compute.internal (0): failed to find the route table for subnet subnet-0xxxx
I1011 06:32:08.201302 1 manager.go:173] Node manager updating node ip-10-xxx.ap-xxx.compute.internal.
E1011 06:32:08.201313 1 watcher.go:242] Node watcher failed to update node ip-10-xxx.ap-xxx.compute.internal: node manager: failed to find node ip-10-xxx.ap-xxx.compute.internal.Lipatlisiso ho Google ha lia ka tsa lebisa ho letho, kaha ho hlakile hore ha ho motho ea kileng a tšoara kokoanyana e joalo, kapa a e-s'o behe bothata ho eona, ke ile ka tlameha ho nahana ka likhetho pele. Ntho ea pele e ileng ea tla kelellong ke hore mohlomong vpc-controller e ke ke ea rarolla ip-10-xxx.ap-xxx.compute.internal le ho e fihlela, kahoo liphoso li etsahala.
E, ka sebele, re sebelisa li-server tsa DNS tse tloaelehileng ho VPC, 'me, ha e le hantle, ha re sebelise Amazon, kahoo esita le ho fetisa ha hoa ka ha etsoa bakeng sa sebaka sena sa ap-xxx.compute.internal. Ke ile ka leka khetho ena, 'me ha ea ka ea tlisa liphello, mohlomong tlhahlobo e ne e sa hloeka, ka hona, ho feta moo, ha ke buisana le tšehetso ea theknoloji, ke ile ka inehela khopolong ea bona.
Kaha ho ne ho se na maikutlo leha e le afe, lihlopha tsohle tsa ts'ireletso li entsoe ke eksctl ka boeona, kahoo ho ne ho se na lipelaelo mabapi le ts'ebeletso ea bona, litafole tsa litsela li ne li boetse li nepahetse, nat, dns, ho kena Inthaneteng ka li-node tsa basebetsi ho ne ho boetse ho le teng.
Ho feta moo, haeba u kenya node ea basebetsi ho subnet ea sechaba ntle le ho sebelisa -node-private-networking, node ena e ile ea ntlafatsoa hang-hang ke vpc-controller 'me ntho e' ngoe le e 'ngoe e sebetsa joaloka oache.
Ho ne ho e-na le likhetho tse peli:
- E fane 'me u eme ho fihlela motho e mong a hlalosa kokoana ena ho AWS' me ba e lokisa, 'me joale u ka sebelisa AWS EKS Windows ka mokhoa o sireletsehileng, hobane ba sa tsoa lokolloa ka GA (matsatsi a 8 a fetile nakong ea ho ngola sehlooho sena), mohlomong ba bangata ba tla. latela tsela e tšoanang le ea ka.
- Ngolla Tšehetso ea AWS 'me u ba bolelle hore na bothata ke bofe ka bongata ba li-logs tse tsoang hohle' me u ba bontše hore tšebeletso ea bona ha e sebetse ha u sebelisa VPC ea hau le li-subnets, ha se lefeela hore ebe re ne re e-na le tšehetso ea Khoebo, u lokela ho e sebelisa. bonyane hang :)
Puisano le baenjiniere ba AWS
Kaha ke entse tekete ho portal, ka phoso ke ile ka khetha ho nkaraba ka Web - imeile kapa setsi sa tšehetso, ka khetho ena ba ka u araba ka mor'a matsatsi a seng makae ho hang, ho sa tsotellehe hore tekete ea ka e ne e e-na le Severity - System e senyehile, eo e ne e bolela karabo ka hare ho lihora tse <12, 'me kaha morero oa ts'ehetso ea Khoebo o na le ts'ehetso ea 24/7, ke ne ke tšepile se molemo ka ho fetisisa, empa ho ile ha e-ba joalo kamehla.
Tekete ea ka e ile ea sala e sa abuoa ho tloha Labohlano ho fihlela Mantaha, eaba ke etsa qeto ea ho ba ngolla hape 'me ka khetha khetho ea karabo ea Chat. Ka mor'a ho ema nakoana, Harshad Madhav o ile a khethoa hore a mpone, 'me ha qala ...
Re ile ra e lokisa inthaneteng ka lihora tse 3 ka tatellano, re fetisetsa li-log, re kenya sehlopha se le seng ka laboratoring ea AWS ho etsisa bothata, ho theha sehlopha bocha ka lehlakoreng la ka, joalo-joalo, ntho feela eo re tlileng ho eona ke hore li-logs ho ne ho hlakile hore resol e ne e sa sebetse AWS domain domain names, eo ke e ngotseng ka holimo, 'me Harshad Madhav o ile a nkōpa hore ke thehe phetiso, ho thoe re sebelisa DNS e tloaelehileng mme sena se ka ba bothata.
Ho fetisetsa pele
ap-xxx.compute.internal -> 10.x.x.2 (VPC CIDRBlock)
amazonaws.com -> 10.x.x.2 (VPC CIDRBlock)Ke sona se ileng sa etsoa, letsatsi le felile. Harshad Madhav o ile a ngola hape ho e hlahloba mme e lokela ho sebetsa, empa che, qeto eo ha ea ka ea thusa ho hang.
Joale ho ne ho e-na le puisano le baenjiniere ba bang ba 2, e mong o ile a tsoa moqoqong feela, ho hlakile hore o ne a tšaba nyeoe e rarahaneng, oa bobeli o ile a qeta letsatsi la ka hape ka potoloho e feletseng ea ho lokisa liphoso, ho romela lifate, ho theha lihlopha ka mahlakoreng a mabeli, qetellong o ile a bua hantle feela, e sebetsa ho 'na, mona ke' na ke etsa ntho e 'ngoe le e' ngoe mohato ka mohato litokomaneng tsa molao 'me uena le uena u tla atleha.
Ho eona ke ile ka mo kōpa ka tlhompho hore a tsamaee ’me a abele motho e mong tekete ea ka haeba u sa tsebe moo u ka batlang bothata teng.
Qetellong
Ka letsatsi la boraro, moenjiniere e mocha Arun B. o ile a abeloa ho 'na,' me ho tloha qalong ea puisano le eena ho ile ha hlaka hang-hang hore ena e ne e se baenjiniere ba 3 ba fetileng. O ile a bala histori eohle 'me hang-hang a kōpa ho bokella lifate a sebelisa mongolo oa hae ho ps1, e neng e le github ea hae. Sena se ile sa lateloa hape ke liphetolelo tsohle tsa ho theha lihlopha, ho hlahisa liphetho tsa litaelo, ho bokella lifate, empa Arun B. o ne a tsamaea ka tsela e nepahetseng a ahlola ka lipotso tseo ke li botsitseng.
Re fihlile neng boemong ba ho nolofalletsa -stderrthreshold=debug ho vpc-controller ea bona, 'me ho ile ha etsahala'ng ka mor'a moo? ehlile ha e sebetse) pod ha e qale ka khetho ena, feela -stderrthreshold=info e sebetsa.
Re qetile mona mme Arun B. a re o tla leka ho hlahisa mehato ea ka hape ho fumana phoso e tšoanang. Letsatsing le hlahlamang ke fumana karabo e tsoang ho Arun B. ha aa ka a lahla nyeoe ena, empa o ile a nka khoutu ea tlhahlobo ea molaoli oa bona oa vpc mme a fumana sebaka seo e leng sona le hore na ke hobane'ng ha e sa sebetse:
Kahoo, haeba u sebelisa tafole e kholo ea litsela ho VPC ea hau, ka nako e sa lekanyetsoang ha e na likamano le li-subnets tse hlokahalang, tse hlokahalang haholo bakeng sa molaoli oa vpc, tabeng ea subnet ea sechaba, e na le tafole e tloaelehileng ea litsela. e nang le kopano.
Ka ho eketsa ka letsoho mekhatlo bakeng sa tafole e kholo ea litsela le li-subnet tse hlokahalang, le ho tsosolosa sehlopha sa node, ntho e 'ngoe le e' ngoe e sebetsa hantle.
Ke tšepa hore Arun B. o tla tlaleha kokoana ena ho baetsi ba EKS 'me re tla bona phetolelo e ncha ea vpc-controller moo ntho e' ngoe le e 'ngoe e tla sebetsa ka ntle ho lebokose. Hajoale mofuta oa morao-rao ke: 602401143452.dkr.ecr.ap-southeast-1.amazonaws.com/eks/vpc-resource-controller:0.2.1
e na le bothata bona.
Ke leboha motho e mong le e mong ea balileng ho fihlela qetellong, leka ntho e 'ngoe le e 'ngoe eo u tla e sebelisa tlhahisong pele ho ts'ebetsong.
Source: www.habr.com