Red Hat Training

A Red Hat training course is available for OpenShift Container Platform

43.4. 在集群中部署自动扩展组件

创建启动配置和自动扩展组后,您可以将自动扩展组件部署到集群中。

先决条件

  • 在 AWS 中安装 OpenShift Container Platform 集群。
  • 创建一个主要镜像。
  • 创建引用主要镜像的启动配置和自动扩展组。

流程

部署自动扩展器:

  1. 更新集群以运行自动扩展器:

    1. 将以下参数添加到用于创建集群的清单文件中,默认为 /etc/ansible/hosts

      openshift_master_bootstrap_auto_approve=true
    2. 要获取自动扩展组件,请切换到 playbook 目录并再次运行 playbook:

      $ cd /usr/share/ansible/openshift-ansible
      $ ansible-playbook -i </path/to/inventory/file> \
          playbooks/deploy_cluster.yml
    3. 确认 bootstrap-autoapprover pod 正在运行:

      $ oc get pods --all-namespaces | grep bootstrap-autoapprover
      NAMESPACE               NAME                                             READY     STATUS    RESTARTS   AGE
      openshift-infra         bootstrap-autoapprover-0                         1/1       Running   0
  2. 为自动扩展器创建一个命名空间:

    $ oc apply -f - <<EOF
    apiVersion: v1
    kind: Namespace
    metadata:
      name: cluster-autoscaler
      annotations:
        openshift.io/node-selector: ""
    EOF
  3. 为自动扩展器创建服务帐户:

    $ oc apply -f - <<EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-addon: cluster-autoscaler.addons.k8s.io
        k8s-app: cluster-autoscaler
      name: cluster-autoscaler
      namespace: cluster-autoscaler
    EOF
  4. 创建集群角色来为服务帐户授予所需的权限:

    $ oc apply -n cluster-autoscaler -f - <<EOF
    apiVersion: v1
    kind: ClusterRole
    metadata:
      name: cluster-autoscaler
    rules:
    - apiGroups: 1
      - ""
      resources:
      - pods/eviction
      verbs:
      - create
      attributeRestrictions: null
    - apiGroups:
      - ""
      resources:
      - persistentvolumeclaims
      - persistentvolumes
      - pods
      - replicationcontrollers
      - services
      verbs:
      - get
      - list
      - watch
      attributeRestrictions: null
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - get
      - list
      - watch
      - patch
      - create
      attributeRestrictions: null
    - apiGroups:
      - ""
      resources:
      - nodes
      verbs:
      - get
      - list
      - watch
      - patch
      - update
      attributeRestrictions: null
    - apiGroups:
      - extensions
      - apps
      resources:
      - daemonsets
      - replicasets
      - statefulsets
      verbs:
      - get
      - list
      - watch
      attributeRestrictions: null
    - apiGroups:
      - policy
      resources:
      - poddisruptionbudgets
      verbs:
      - get
      - list
      - watch
      attributeRestrictions: null
    EOF
    1
    如果 cluster-autoscaler 对象存在,请确保在创建 verb 时存在 pod/eviction 规则
  5. 为部署自动扩展创建一个角色:

    $ oc apply -n cluster-autoscaler -f - <<EOF
    apiVersion: v1
    kind: Role
    metadata:
      name: cluster-autoscaler
    rules:
    - apiGroups:
      - ""
      resources:
      - configmaps
      resourceNames:
      - cluster-autoscaler
      - cluster-autoscaler-status
      verbs:
      - create
      - get
      - patch
      - update
      attributeRestrictions: null
    - apiGroups:
      - ""
      resources:
      - configmaps
      verbs:
      - create
      attributeRestrictions: null
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - create
      attributeRestrictions: null
    EOF
  6. 创建 a creds 文件来存储自动扩展的 AWS 凭证:

    $ cat <<EOF > creds
    [default]
    aws_access_key_id = your-aws-access-key-id
    aws_secret_access_key = your-aws-secret-access-key
    EOF

    自动扩展器使用这些凭据来启动新实例。

  7. 创建包含 AWS 凭证的 secret:

    $ oc create secret -n cluster-autoscaler generic autoscaler-credentials --from-file=creds

    自动扩展器使用此机密在 AWS 中启动实例。

  8. 创建 cluster-reader 角色并将其授予您创建的 cluster-autoscaler 服务帐户:

    $ oc adm policy add-cluster-role-to-user cluster-autoscaler system:serviceaccount:cluster-autoscaler:cluster-autoscaler -n cluster-autoscaler
    
    $ oc adm policy add-role-to-user cluster-autoscaler system:serviceaccount:cluster-autoscaler:cluster-autoscaler --role-namespace cluster-autoscaler -n cluster-autoscaler
    
    $ oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:cluster-autoscaler:cluster-autoscaler -n cluster-autoscaler
  9. 部署集群自动扩展:

    $ oc apply -n cluster-autoscaler -f - <<EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: cluster-autoscaler
      name: cluster-autoscaler
      namespace: cluster-autoscaler
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: cluster-autoscaler
          role: infra
      template:
        metadata:
          labels:
    	app: cluster-autoscaler
    	role: infra
        spec:
          containers:
          - args:
    	- /bin/cluster-autoscaler
    	- --alsologtostderr
    	- --v=4
    	- --skip-nodes-with-local-storage=False
    	- --leader-elect-resource-lock=configmaps
    	- --namespace=cluster-autoscaler
    	- --cloud-provider=aws
    	- --nodes=0:6:mycluster-ASG
    	env:
    	- name: AWS_REGION
    	  value: us-east-1
    	- name: AWS_SHARED_CREDENTIALS_FILE
    	  value: /var/run/secrets/aws-creds/creds
    	image: registry.redhat.io/openshift3/ose-cluster-autoscaler:v3.11
    	name: autoscaler
    	volumeMounts:
    	- mountPath: /var/run/secrets/aws-creds
    	  name: aws-creds
    	  readOnly: true
          dnsPolicy: ClusterFirst
          nodeSelector:
    	node-role.kubernetes.io/infra: "true"
          serviceAccountName: cluster-autoscaler
          terminationGracePeriodSeconds: 30
          volumes:
          - name: aws-creds
    	secret:
    	  defaultMode: 420
    	  secretName: autoscaler-credentials
    EOF