openshift 4.6 开始 windows container 正式GA,下面内容介绍下如何在AWS环境下部署和管理windows节点
install ocp on aws
openshift4.6 只支持AWS和Azure,以下内容是基于AWS进行。
在AWS上安装集群需要准备一个AWS账号,准备好AWS账号后可以创建一个bastion主机,然后在bastion主机上执行以下操作
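# Become root on the bastion; everything below runs in that root shell.
sudo su -

# Key pair used for SSH access to the cluster nodes.
# -N '' leaves the private key without a passphrase, so anyone who can read
# ~/.ssh/id_rsa can use it: restrict access to the bastion or set a passphrase.
ssh-keygen -N '' -f ~/.ssh/id_rsa
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

# Fetch the installer and the client. -f makes curl fail on an HTTP error
# instead of saving the error page as a .tar.gz; -L follows redirects.
# NOTE: "latest" is a moving target; use a versioned directory on the mirror
# if the cluster has to stay on a specific release.
curl -fLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-install-linux.tar.gz
curl -fLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz

# The archives are unpacked as root into a directory on PATH, so check them
# against the mirror's published checksums first. The lookup is by hash, not by
# file name, and a mismatching archive is deleted so the tar step below fails.
# This catches truncated or altered downloads; it does not protect against a
# tampered mirror, which needs the signed checksum file and the vendor's key.
curl -fLO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/sha256sum.txt
for archive in openshift-install-linux.tar.gz openshift-client-linux.tar.gz; do
  grep -qF "$(sha256sum "$archive" | cut -d' ' -f1)" sha256sum.txt \
    || { echo "checksum mismatch: $archive" >&2; rm -f -- "$archive"; }
done

tar zxvf openshift-client-linux.tar.gz -C /usr/local/sbin
tar zxvf openshift-install-linux.tar.gz -C /usr/local/sbin

# AWS CLI v2. AWS publishes a detached PGP signature next to this archive
# (same URL with a .sig suffix); verify it with gpg against the AWS CLI public
# key from the official install guide before running the installer as root.
curl -fL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

# Generate install-config.yaml interactively. The answers include the AWS
# secret key and the pull secret, so treat ./cluster and /root/.aws/credentials
# as sensitive files.
mkdir -p cluster
openshift-install create install-config --dir ./cluster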
[root@clientvm 0 ~]# openshift-install create install-config --dir ./cluster
? SSH Public Key /root/.ssh/8c97key.pub
? Platform aws
? AWS Access Key ID AKIARTJEFJKGSIH2EM5W
? AWS Secret Access Key [? for help] ****************************************
INFO Writing AWS credentials to "/root/.aws/credentials" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
? Region us-west-1
INFO Credentials loaded from the "default" profile in file "/root/.aws/credentials"
? Base Domain *****
? Cluster Name wc
? Pull Secret [? for help] *****************
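# Switch the cluster network plugin to OVN-Kubernetes before the manifests are
# generated; hybrid networking cannot be enabled after installation.
sed -i 's/OpenShiftSDN/OVNKubernetes/g' cluster/install-config.yaml
# sed exits 0 even when nothing matched, so show the resulting value and check
# that it reads OVNKubernetes before going on.
grep -n 'networkType' cluster/install-config.yaml

openshift-install create manifests --dir ./cluster

# Start the hybrid-overlay manifest from a copy of the generated network config.
cp cluster/manifests/cluster-network-02-config.yml cluster/manifests/cluster-network-03-config.yml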
# 这里必须按照以下内容修改 cluster/manifests/cluster-network-03-config.yml 文件,否则无法安装windows operator
You must configure hybrid networking with OVN-Kubernetes during the installation of your cluster. You cannot switch to hybrid networking after the installation process.
https://docs.openshift.com/container-platform/4.6/installing/installing_aws/installing-aws-network-customizations.html#nw-operator-configuration-parameters-for-ovn-sdn_installing-aws-network-customizations
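# cluster/manifests/cluster-network-03-config.yml
# The hybrid overlay has to be configured at install time; it cannot be
# switched on after the cluster exists.
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  creationTimestamp: null
  name: cluster
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy: {}
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OVNKubernetes
    ovnKubernetesConfig:
      hybridOverlayConfig:
        # Address range for the hybrid overlay; it is a separate range from
        # the clusterNetwork CIDR above.
        hybridClusterNetwork:
        - cidr: 10.132.0.0/14
          hostPrefix: 23
status: {}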
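# Keep a copy of the installer's console output. Installer output can include
# the kubeadmin login details, so the copy goes into a file created with
# owner-only permissions next to the other install assets instead of a
# predictable, world-readable path under /tmp.
(umask 077 && : > ./cluster/install-console.log)
openshift-install create cluster --dir ./cluster --log-level=info | tee ./cluster/install-console.log

# Confirm that the hybrid overlay settings reached the running cluster.
# oc needs credentials; the installer writes them to cluster/auth/kubeconfig.
oc get network.operator cluster -o yaml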
# 安装结果
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
安装后配置
# 添加用户, 添加管理员权限
kubeadmin用户无法登录 prometheus
通过console添加htpasswd用户
# Bind the cluster-admin role to the user named "admin". This is unrestricted
# access to the whole cluster, and the binding is made by user name: create the
# "admin" htpasswd user first and give it a strong password, so the name cannot
# be claimed by someone else later.
oc adm policy add-cluster-role-to-user cluster-admin admin
安装 windows 节点
# 安装windows operator
通过WEB安装windows operator
oc get pod -n openshift-windows-machine-config-operator
# 创建key
这里的私钥会以 secret 的形式保存在集群中,凡是能读取该 namespace 下 secret 的用户都可以拿到它,因此尽量不要与安装时使用的key一致,建议单独生成一对专用密钥
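# Store the SSH private key for the Windows nodes as a secret in the operator's
# namespace. Anyone who can read secrets in that namespace can recover the key,
# so point --from-file at a dedicated key pair rather than a key that is reused
# elsewhere. The path is quoted so a HOME containing spaces cannot split it.
oc create secret generic cloud-private-key \
  --from-file=private-key.pem="${HOME}/.ssh/id_rsa" \
  -n openshift-windows-machine-config-operator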
# 创建 windows machineset, example 如下
https://docs.openshift.com/container-platform/4.6/windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.html#windows-machineset-aws_creating-windows-machineset-aws
# 文档上记录的是无效的windows AMI 名字,需要替换为新的,可以使用以下方式获取ami信息
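# Inspect one AMI by ID (this example queries us-east-2).
aws ec2 describe-images \
  --region us-east-2 \
  --image-ids ami-0985ad2d7e5418b62

# Resolve the Windows Server 2019 "with Containers" AMI by name in the
# cluster's region. AMI names are not unique across accounts, so --owners amazon
# limits the match to images published by Amazon; without it a look-alike public
# image with the same name could be returned and end up in the MachineSet.
# The jq filter is quoted so the shell cannot glob-expand the brackets.
aws ec2 describe-images \
  --owners amazon \
  --filters 'Name=name,Values=Windows_Server-2019-English-Full-ContainersLatest-2021.01.13' \
  --region us-west-1 \
  --query 'Images[*].[ImageId]' \
  --output=json | jq '.[0][0]'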
ami-0a7ad1e8729dc6a33
# 获取集群 cluster id
oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
# 检查集群 cluster id,对比其他machineset 使用的cluster id,确保无误
oc get machinesets -n openshift-machine-api
oc get machineset <machineset_name> -n \
openshift-machine-api -o yaml
oc get machineset wc-dllkf-worker-us-west-1a -n openshift-machine-api -o yaml
# 创建windows machineset
oc create -f demo-win-machine-set.yaml
# 等待windows machine 创建完成
oc get machine -n openshift-machine-api
windows node
# 创建windows ssh pod
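# winc-ssh.yaml is not shown on this page; read it before creating it. A pod
# that can SSH into the Windows nodes presumably mounts the cloud-private-key
# secret (TODO confirm), so access to this pod is access to the nodes.
oc create -f winc-ssh.yaml
oc get pod -n openshift-windows-machine-config-operator

# List the Windows nodes; -o wide adds their addresses.
oc get nodes -l kubernetes.io/os=windows
oc get nodes -l kubernetes.io/os=windows -o wide

# Open a shell in the SSH helper pod. The substitution is quoted so the pod
# name reaches rsh as a single argument.
oc -n openshift-windows-machine-config-operator rsh \
  "$(oc get pods -n openshift-windows-machine-config-operator -l app=winc-ssh -o name)"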
sshcmd.sh ip-10-0-154-0.us-east-2.compute.internal
docker pull mcr.microsoft.com/windows/servercore:ltsc2019
在windows 节点上部署应用
部署hello world
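# The sample manifest lives in a third-party gist. The URL is pinned to one
# revision, but download it and read it before creating anything from it
# rather than piping a remote file straight into the cluster.
curl -fsSL -o WinWebServer.yaml \
  https://gist.githubusercontent.com/suhanime/683ee7b5a2f55c11e3a26a4223170582/raw/d893db98944bf615fccfe73e6e4fb19549a362a5/WinWebServer.yaml
cat WinWebServer.yaml
oc create -n default -f WinWebServer.yaml

# Publish the service through a route. This is a plain-HTTP route reachable
# from outside the cluster, which is acceptable for a demo only.
# -n default keeps every command on the namespace the manifest was created in.
oc expose svc/win-webserver -n default
curl -s "http://$(oc get route win-webserver -n default -o jsonpath='{.spec.host}')"

# Open a PowerShell session inside the Windows container.
oc exec -n default -it "$(oc get pods -n default -l app=win-webserver -o name)" -- powershell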
tasklist
部署 IIS
# Expose the iis deployment through a Service of type LoadBalancer. On a cloud
# platform this normally provisions an external load balancer, so the workload
# becomes reachable from outside the cluster. The iis deployment itself is not
# shown on this page.
oc expose deployment iis --type=LoadBalancer --name=iis
# Additionally publish the service through a route, with no TLS settings given.
oc expose svc/iis
# Print the host name of the route.
oc get route iis -n default -o jsonpath='{.spec.host}'
通过RuntimeClass调度部署windows应用
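# RuntimeClass that carries the Windows scheduling rules, so a workload only
# has to reference it by name.
apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: win-runtime
handler: 'docker'
scheduling:
  # Pods using this class are placed on Windows nodes only.
  nodeSelector:
    kubernetes.io/os: 'windows'
  # Tolerates the os=Windows:NoSchedule taint.
  tolerations:
  - effect: NoSchedule
    key: os
    operator: Equal
    value: "Windows"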
在Deployment中使用 runtimeClassName
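# Demo web server on a Windows node, scheduled through the win-runtime
# RuntimeClass.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: win-webserver
  name: win-webserver
spec:
  selector:
    matchLabels:
      app: win-webserver
  replicas: 1
  template:
    metadata:
      labels:
        app: win-webserver
      name: win-webserver
    spec:
      runtimeClassName: win-runtime
      containers:
      - name: windowswebserver
        image: mcr.microsoft.com/windows/servercore:ltsc2019
        imagePullPolicy: IfNotPresent
        # Minimal HttpListener that serves one static page over plain HTTP on
        # port 80 of every interface; it is a demo, not a hardened server.
        command:
        - powershell.exe
        - -command
        - $listener = New-Object System.Net.HttpListener; $listener.Prefixes.Add('http://*:80/'); $listener.Start();Write-Host('Listening at http://*:80/'); while ($listener.IsListening) { $context = $listener.GetContext(); $response = $context.Response; $content='<html><body><H1>Windows Container Web Server</H1></body></html>'; $buffer = [System.Text.Encoding]::UTF8.GetBytes($content); $response.ContentLength64 = $buffer.Length; $response.OutputStream.Write($buffer, 0, $buffer.Length); $response.Close(); };
      nodeSelector:
        beta.kubernetes.io/os: windows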
windows 节点扩容/缩容
oc get machinesets -n openshift-machine-api
# 通过machineset 扩容 节点
oc scale --replicas=2 machineset <machineset> -n openshift-machine-api
# oc scale --replicas=2 machineset win-dqfcf-windows-worker-us-west-1a -n openshift-machine-api
oc get machine -n openshift-machine-api
oc scale --replicas=1 machineset wc-dllkf-windows-worker-us-west-1a -n openshift-machine-api
监控
目前windows node 上没有安装监控组件,因此无法接入prometheus 监控体系
destroy ocp cluster
openshift-install destroy cluster --dir=cluster --log-level=info