红帽全球峰会第 4 章 在 OpenShift Container Platform 中配置 Ansible 自动化控制器
在 Kubernetes 升级过程中,自动化控制器必须正在运行。
4.1. 最小化 OpenShift Container Platform 升级过程中的停机时间
在自动化控制器中进行以下更改,以便尽可能减少升级过程中的停机时间。
先决条件
- Ansible Automation Platform 2.4
- Ansible 自动化控制器 4.4
OpenShift Container Platform
- > 4.10.42
- > 4.11.16
- > 4.12.0
- Postgres 的高可用性(HA)部署
- 可以调度自动化控制器 pod 的多个 worker 节点
流程
在 AutomationController 规格中启用
RECEPTOR_KUBE_SUPPORT_RECONNECT:apiVersion: automationcontroller.ansible.com/v1beta1 kind: AutomationController metadata: ... spec: ... ee_extra_env: | - name: RECEPTOR_KUBE_SUPPORT_RECONNECT value: enabled ```在 AutomationController 规格中启用安全终止功能:
termination_grace_period_seconds: <time to wait for job to finish>
为 Web 和任务 pod 配置
podAntiAffinity,将部署分散到 AutomationController 规格中:task_affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - awx-task topologyKey: topology.kubernetes.io/zone weight: 100 web_affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - awx-web topologyKey: topology.kubernetes.io/zone weight: 100在 OpenShift Container Platform 中配置
PodDisruptionBudget:--- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: automationcontroller-job-pods spec: maxUnavailable: 0 selector: matchExpressions: - key: ansible-awx-job-id operator: Exists --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: automationcontroller-web-pods spec: minAvailable: 1 selector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - <automationcontroller_instance_name>-web --- apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: automationcontroller-task-pods spec: minAvailable: 1 selector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - <automationcontroller_instance_name>-task
