43.4. Deploying the auto-scaler components in your cluster
After you create the Launch Configuration and Auto Scaling group, you can deploy the auto-scaler components into the cluster.
Prerequisites
- Install an OpenShift Container Platform cluster in AWS.
- Create a primed image.
- Create a launch configuration and Auto Scaling group that reference the primed image.
Procedure
Deploy the auto-scaler:
Update the cluster to run the auto-scaler:
Add the following parameter to the inventory file that you used to create the cluster, which is /etc/ansible/hosts by default:
```
openshift_master_bootstrap_auto_approve=true
```
To obtain the auto-scaler components, change to the playbook directory and run the playbook again:
```
$ cd /usr/share/ansible/openshift-ansible
$ ansible-playbook -i </path/to/inventory/file> \
    playbooks/openshift-master/enable_bootstrap.yml
```
Confirm that the bootstrap-autoapprover pod is running:
```
$ oc get pods --all-namespaces | grep bootstrap-autoapprover
NAMESPACE         NAME                        READY   STATUS    RESTARTS   AGE
openshift-infra   bootstrap-autoapprover-0    1/1     Running   0
```
Create a namespace for the auto-scaler:
```
$ oc apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: cluster-autoscaler
  annotations:
    openshift.io/node-selector: ""
EOF
```
Create a service account for the auto-scaler:
```
$ oc apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-addon: cluster-autoscaler.addons.k8s.io
    k8s-app: cluster-autoscaler
  name: cluster-autoscaler
  namespace: cluster-autoscaler
EOF
```
Create a cluster role that grants the service account the required permissions:
```
$ oc apply -n cluster-autoscaler -f - <<EOF
apiVersion: v1
kind: ClusterRole
metadata:
  name: cluster-autoscaler
rules:
- apiGroups:  # 1
  - ""
  resources:
  - pods/eviction
  verbs:
  - create
  attributeRestrictions: null
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  - persistentvolumes
  - pods
  - replicationcontrollers
  - services
  verbs:
  - get
  - list
  - watch
  attributeRestrictions: null
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - get
  - list
  - watch
  - patch
  - create
  attributeRestrictions: null
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
  - list
  - watch
  - patch
  - update
  attributeRestrictions: null
- apiGroups:
  - extensions
  - apps
  resources:
  - daemonsets
  - replicasets
  - statefulsets
  verbs:
  - get
  - list
  - watch
  attributeRestrictions: null
- apiGroups:
  - policy
  resources:
  - poddisruptionbudgets
  verbs:
  - get
  - list
  - watch
  attributeRestrictions: null
EOF
```
1: If the cluster-autoscaler object already exists, ensure that the pods/eviction rule with the create verb is present.
Create a role for the auto-scaler deployment:
```
$ oc apply -n cluster-autoscaler -f - <<EOF
apiVersion: v1
kind: Role
metadata:
  name: cluster-autoscaler
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - cluster-autoscaler
  - cluster-autoscaler-status
  verbs:
  - create
  - get
  - patch
  - update
  attributeRestrictions: null
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  attributeRestrictions: null
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  attributeRestrictions: null
EOF
```
Create a creds file to store the AWS credentials for the auto-scaler:
```
$ cat <<EOF > creds
[default]
aws_access_key_id = your-aws-access-key-id
aws_secret_access_key = your-aws-secret-access-key
EOF
```
The auto-scaler uses these credentials to launch new instances.
Create a secret that contains the AWS credentials:
```
$ oc create secret -n cluster-autoscaler generic autoscaler-credentials --from-file=creds
```
The auto-scaler uses this secret to launch instances in AWS.
Create and grant the cluster-reader role to the cluster-autoscaler service account that you created:
```
$ oc adm policy add-cluster-role-to-user cluster-autoscaler system:serviceaccount:cluster-autoscaler:cluster-autoscaler -n cluster-autoscaler
$ oc adm policy add-role-to-user cluster-autoscaler system:serviceaccount:cluster-autoscaler:cluster-autoscaler --role-namespace cluster-autoscaler -n cluster-autoscaler
$ oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:cluster-autoscaler:cluster-autoscaler -n cluster-autoscaler
```
Deploy the cluster auto-scaler:
```
$ oc apply -n cluster-autoscaler -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: cluster-autoscaler
  name: cluster-autoscaler
  namespace: cluster-autoscaler
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cluster-autoscaler
      role: infra
  template:
    metadata:
      labels:
        app: cluster-autoscaler
        role: infra
    spec:
      containers:
      - args:
        - /bin/cluster-autoscaler
        - --alsologtostderr
        - --v=4
        - --skip-nodes-with-local-storage=False
        - --leader-elect-resource-lock=configmaps
        - --namespace=cluster-autoscaler
        - --cloud-provider=aws
        - --nodes=0:6:mycluster-ASG
        env:
        - name: AWS_REGION
          value: us-east-1
        - name: AWS_SHARED_CREDENTIALS_FILE
          value: /var/run/secrets/aws-creds/creds
        image: registry.redhat.io/openshift3/ose-cluster-autoscaler:v3.11
        name: autoscaler
        volumeMounts:
        - mountPath: /var/run/secrets/aws-creds
          name: aws-creds
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        node-role.kubernetes.io/infra: "true"
      serviceAccountName: cluster-autoscaler
      terminationGracePeriodSeconds: 30
      volumes:
      - name: aws-creds
        secret:
          defaultMode: 420
          secretName: autoscaler-credentials
EOF
```
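As an added review check (example code, not part of the OpenShift procedure), the following Python script mirrors the ClusterRole rules from this section and verifies that the pods/eviction create grant from callout 1 is present and that the role has not drifted toward wildcard or delete grants the auto-scaler does not need. The REQUIRED list is an assumption derived from the manifest above.

```python
"""Audit a cluster-autoscaler ClusterRole for required and over-broad grants."""

# Rules copied from the ClusterRole manifest in this procedure, constructed
# here as Python dicts so the check runs without PyYAML or cluster access.
CLUSTER_ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods/eviction"], "verbs": ["create"]},
    {"apiGroups": [""], "resources": ["persistentvolumeclaims", "persistentvolumes",
                                      "pods", "replicationcontrollers", "services"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["events"],
     "verbs": ["get", "list", "watch", "patch", "create"]},
    {"apiGroups": [""], "resources": ["nodes"],
     "verbs": ["get", "list", "watch", "patch", "update"]},
    {"apiGroups": ["extensions", "apps"],
     "resources": ["daemonsets", "replicasets", "statefulsets"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["policy"], "resources": ["poddisruptionbudgets"],
     "verbs": ["get", "list", "watch"]},
]

# Assumed minimum the auto-scaler needs to drain and cordon nodes
# (group, resource, verb); callout 1 calls out the first entry.
REQUIRED = [("", "pods/eviction", "create"), ("", "nodes", "update"), ("", "nodes", "patch")]


def allows(rules, group, resource, verb):
    """Return True if any rule grants verb on group/resource; '*' matches anything."""
    for rule in rules:
        if (group in rule["apiGroups"] or "*" in rule["apiGroups"]) and \
           (resource in rule["resources"] or "*" in rule["resources"]) and \
           (verb in rule["verbs"] or "*" in rule["verbs"]):
            return True
    return False


def missing_required(rules):
    """Required (group, resource, verb) triples the role does not grant."""
    return [req for req in REQUIRED if not allows(rules, *req)]


def wildcard_grants(rules):
    """Indexes of rules that use '*' anywhere: broader than the manifest above."""
    return [i for i, r in enumerate(rules)
            if "*" in r["apiGroups"] or "*" in r["resources"] or "*" in r["verbs"]]


def delete_grants(rules):
    """Resources on which delete is granted; the manifest above grants none."""
    return sorted({res for r in rules if "delete" in r["verbs"] for res in r["resources"]})


if __name__ == "__main__":
    print("missing:", missing_required(CLUSTER_ROLE_RULES))
    print("wildcards:", wildcard_grants(CLUSTER_ROLE_RULES))
    print("delete:", delete_grants(CLUSTER_ROLE_RULES))
```

To audit a live role instead, feed the rules from `oc get clusterrole cluster-autoscaler -o json` into the same functions.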