本文主要介绍自建Kubernetes集群接入ACK注册集群并手动扩容阿里云ECS节点时的注意事项。
PS:您也可以选择使用ACK注册集群的节点池功能扩容阿里云ECS节点,请参考阿里云注册集群—混合集群-使用自定义节点添加脚本
为自建Kubernetes集群新扩容阿里云ECS节点
需要用户在节点初始化脚本中设置 --provider-id=${ALIBABA_CLOUD_PROVIDE_ID}* 以及追加*--node-labels=${ALIBABA_CLOUD_LABELS}。
ALIBABA_CLOUD_PROVIDE_ID 和 ALIBABA_CLOUD_LABELS 变量的值如下所示:
$ clusterID=xxxxx
$ aliyunRegionID=$(curl 100.100.100.200/latest/meta-data/region-id)
$ aliyunInstanceID=$(curl 100.100.100.200/latest/meta-data/instance-id)
$ ALIBABA_CLOUD_PROVIDE_ID=${aliyunRegionID}.${aliyunInstanceID}
$ ALIBABA_CLOUD_LABELS="ack.aliyun.com=${clusterID},alibabacloud.com/instance-id=${aliyunInstanceID},alibabacloud.com/external=true"批量为自建Kubernetes集群已有节点打标
自建Kubernetes集群接入ACK注册集群后,需要为已有节点添加节点标签,节点标签的作用如下所示:
- ack.aliyun.com=${clusterID}。用于ACK管控从集群维度识别自建Kubernetes中的阿里云ECS节点。
- alibabacloud.com/instance-id=${aliyunInstanceID}。用于ACK管控从节点维度识别自建Kubernetes中的阿里云ECS节点。
- alibabacloud.com/external=true。用于自建Kubernetes集群中Terway,CSI等组件识别阿里云ECS节点 。
部署global-job-controller
$ cat <<EOF > global-job-controller.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: global-job-controller
namespace: kube-system
labels:
app: global-job-controller
spec:
replicas: 1
selector:
matchLabels:
app: global-job-controller
template:
metadata:
labels:
app: global-job-controller
spec:
restartPolicy: Always
serviceAccount: jobs
containers:
- name: global-job-controller
image: registry.cn-hangzhou.aliyuncs.com/acs/global-job:v1.0.0.36-g0d1ac97-aliyun
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: jobs
rules:
- apiGroups:
- jobs.aliyun.com
resources:
- globaljobs
verbs:
- "*"
- apiGroups:
- "*"
resources:
- pods
- events
- configmaps
verbs:
- "*"
- apiGroups:
- "*"
resources:
- nodes
verbs:
- "*"
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: jobs-role-bind
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: jobs
subjects:
- kind: ServiceAccount
name: jobs
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: jobs
namespace: kube-system
EOF$ kubectl apply -f global-job-controller.yaml等待global-job-controller运行正常。
部署globaljob
$ export CLUSTER_ID=xxxxxx
$ cat << EOF > globaljob.yaml
apiVersion: jobs.aliyun.com/v1alpha1
kind: GlobalJob
metadata:
name: globaljob
namespace: kube-system
spec:
maxParallel: 100
terminalStrategy:
type: Never
template:
spec:
serviceAccountName: ack
restartPolicy: Never
containers:
- name: globaljob
image: registry.cn-hangzhou.aliyuncs.com/acs/marking-agent:v1.13.1.39-g4186808-aliyun
imagePullPolicy: Always
env:
- name: REGISTRY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CLUSTER_ID
value: "$CLUSTER_ID"
$ kubectl apply -f globaljob.yaml运行完毕后可以检查ecs节点是否已经正确打标并释放上述资源。
$ kubectl delete -f globaljob.yaml -f global-job-controller.yaml
