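Alibaba Cloud ACK Managed Edition Initialization
Alibaba Cloud ACK managed edition configuration, illustrated
Alibaba Cloud version 1.30.1
Cluster configuration
Pay attention to the following options during creation:
- Billing method (pay-as-you-go, subscription)
- Version
- VPC selection
- Network plug-in
- Node vSwitch
Node pool configuration
- Managed node pool feature
- Node pool instance type
- Expected number of nodes in the node pool
- System disk capacity
- Node pool operating system
- Key pair bound to the operating system
- ECS tags
ECS tags: zone:prod, ecs/monitor:true
Node labels: node.kubernetes.io/type:lease, node.kubernetes.io/env:prod, node.kubernetes.io/resource:infra
- CPU policy
- Node pool security group
Node pool security group: PROD-SG
- Custom image
Node pool system image: Alibaba_Cloud_OS_3.2
- Custom node name
- RDS whitelist
- Custom data for node initialization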
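```bash
#!/bin/bash
#################################################
################## Set the hostname #############
#################################################

## Purpose of the host, e.g. redis, pika, mysql, k8s, app
APP=K8S-WN
## Cloud provider, e.g. ali, qcloud, baidu, ct
VENDOR=ali
## Region of the cloud server, e.g. shanghai, hangzhou
REGION=shanghai
## Zone of the cloud server
ZONE=l
## Runtime environment
ENV=INFRA
## IP address of the server
IP=$(ifconfig eth0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | awk '{print $2}')
## Last two octets of the IP address
LAST_TWO_OCTETS=$(echo "$IP" | awk -F'.' '{print $(NF-1)"-"$NF}')

## Set the hostname according to the value of APP
## (both branches currently produce the same name format)
if [ "$APP" = "k8s" ]; then
    hostnamectl set-hostname --static "${ENV}-${APP}-${LAST_TWO_OCTETS}"
else
    hostnamectl set-hostname --static "${ENV}-${APP}-${LAST_TWO_OCTETS}"
fi

# Make k8s.io the default containerd namespace for future root login shells
echo "export CONTAINERD_NAMESPACE=k8s.io" >> /root/.bash_profile
# This script does not read .bash_profile, so export the variable here as well;
# otherwise ctr pulls into the "default" namespace, which the kubelet does not use
export CONTAINERD_NAMESPACE=k8s.io

# Pull the rancher images
ctr images pull imagehub.qiangyun.com/rancher/rancher-webhook:v0.4.2
ctr images pull imagehub.qiangyun.com/rancher/shell:v0.1.22
ctr images pull imagehub.qiangyun.com/rancher/rancher-agent:v2.8.1
```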
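Component configuration
- Cluster ingress
- Cluster DNS
- Cluster monitoring
- Cluster logging
- Base components
Check the resources configuration of the workload controllers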
- deployment
```bash
kubectl get deployments --all-namespaces -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.namespace}{"\t"}{range .spec.template.spec.containers[*]}{.name}{"\t"}{.resources.requests.cpu}{"\t"}{.resources.requests.memory}{"\t"}{.resources.limits.cpu}{"\t"}{.resources.limits.memory}{"\n"}{end}{end}' | column -t
```
```
arms-prometheus-ack-arms-prometheus  arms-prom  arms-prometheus-operator  1  1Gi  3  4Gi
kube-state-metrics  arms-prom  kube-state-metrics  10m  32Mi  500m  2560Mi
o11y-addon-controller  arms-prom  controller  10m  64Mi  500m  256Mi
ack-cost-exporter  kube-system  alibaba-cloud-cost-exporter  100m  100Mi  1  1Gi
ack-helm-manager  kube-system  manager  10m  64Mi  500m  128Mi
ack-kubernetes-cronhpa-controller  kube-system  kubernetes-cronhpa-controller  100m  100Mi  100m  100Mi
ack-node-local-dns-admission-controller  kube-system  webhook  100m  100Mi  1  1Gi
ack-node-problem-detector-eventer  kube-system  eventer  50m  30Mi  2  2Gi
ack-vpa-admission-controller  kube-system  admission-controller  50m  200Mi  200m  500Mi
ack-vpa-recommender  kube-system  recommender  50m  500Mi  200m  1000Mi
ack-vpa-updater  kube-system  updater  50m  500Mi  200m  1000Mi
alibaba-log-controller  kube-system  alibaba-log-controller  50m  100Mi  200m  400Mi
alicloud-monitor-controller  kube-system  alicloud-monitor-controller  10m  30Mi  500m  500Mi
coredns  kube-system  coredns  100m  100Mi  2Gi
csi-provisioner  kube-system  external-disk-provisioner  10m  16Mi  500m  1Gi
external-disk-attacher  10m  16Mi  500m  1Gi
external-disk-resizer  10m  16Mi  500m  1Gi
external-csi-snapshotter  10m  16Mi  500m  1Gi
external-snapshot-controller  10m  16Mi  500m  1Gi
external-nas-provisioner  10m  16Mi  500m  1Gi
external-nas-resizer  10m  16Mi  500m  1Gi
external-oss-provisioner  10m  16Mi  500m  1Gi
csi-provisioner  100m  128Mi  500m  1Gi
metrics-server  kube-system  metrics-server  100m  200Mi  4  8Gi
policy-template-controller  kube-system  policy-template-controller  100m  100Mi  100m  256Mi
security-inspector  kube-system  security-inspector  100m  100Mi  100m  100Mi
sls-kube-state-metrics  kube-system  sls-kube-state-metrics  10m  200Mi  1  1000Mi
storage-auto-expander  kube-system  storage-auto-expander  10m  16Mi  100m  512Mi
storage-cnfs  kube-system  storage-cnfs  10m  16Mi  100m  512Mi
storage-controller  kube-system  storage-controller  100m  128Mi  500m  500Mi
storage-monitor  kube-system  storage-monitor  10m  16Mi  100m  512Mi
storage-operator  kube-system  storage-operator  10m  16Mi  100m  128Mi
```
- daemonset
```bash
kubectl get daemonset --all-namespaces -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.namespace}{"\t"}{range .spec.template.spec.containers[*]}{.name}{"\t"}{.resources.requests.cpu}{"\t"}{.resources.requests.memory}{"\t"}{.resources.limits.cpu}{"\t"}{.resources.limits.memory}{"\n"}{end}{end}' | column -t
```
```
ack-prometheus-gpu-exporter  arms-prom  node-gpu-exporter  10m  32Mi  250m  512Mi
node-exporter  arms-prom  node-exporter  10m  128Mi  1  1Gi
kube-rbac-proxy  10m  32Mi  20m  128Mi
ack-node-problem-detector-daemonset  kube-system  ack-node-problem-detector  100m  200Mi  1  1Gi
ack-sysom-monitor  kube-system  sysom  250m  250Mi  1  1Gi
csi-plugin  kube-system  disk-driver-registrar  10m  16Mi  500m  1Gi
nas-driver-registrar  10m  16Mi  500m  1Gi
oss-driver-registrar  10m  16Mi  500m  1Gi
csi-plugin  100m  128Mi  500m  1Gi
istio-tcpip-bypass  kube-system  ack-istio-tcpip-bypass  100m  128Mi  500m  256Mi
kube-proxy-worker  kube-system  kube-proxy-worker  100m  100Mi  1  500Mi
kube-proxy-worker-windows  kube-system  kube-proxy-worker
logtail-ds  kube-system  logtail  100m  256Mi  2  2Gi
node-local-dns  kube-system  node-cache  25m  5Mi  1  1Gi
terway-eniip  kube-system  terway  100m  100Mi  100m  256Mi
policy  250m  100Mi  1
```
- statefulsets
```bash
kubectl get statefulsets --all-namespaces -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.namespace}{"\t"}{range .spec.template.spec.containers[*]}{.name}{"\t"}{.resources.requests.cpu}{"\t"}{.resources.requests.memory}{"\t"}{.resources.limits.cpu}{"\t"}{.resources.limits.memory}{"\n"}{end}{end}' | column -t
```
```
logtail-statefulset  kube-system  logtail  100m  256Mi  2  2Gi
```
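The jsonpath queries above print nothing for an unset field, and `column -t` then collapses the gap, so a row such as coredns shows three values with no indication of which of the four is missing. The following is an added example, not part of the original page: it reads the JSON form of the same workloads and names the missing fields per container. The sample data is constructed from three rows of the output above, and the file name in the usage comment is hypothetical.

```python
import json
import sys

# The four fields the page's jsonpath query prints, in the same order.
FIELDS = [("requests", "cpu"), ("requests", "memory"),
          ("limits", "cpu"), ("limits", "memory")]


def audit(doc):
    """Return (kind, namespace, workload, container, missing_fields) per container."""
    rows = []
    for item in doc.get("items", []):
        meta = item["metadata"]
        for c in item["spec"]["template"]["spec"].get("containers", []):
            res = c.get("resources") or {}
            missing = [f"{section}.{key}" for section, key in FIELDS
                       if not (res.get(section) or {}).get(key)]
            rows.append((item.get("kind", "?"), meta.get("namespace", ""),
                         meta["name"], c["name"], missing))
    return rows


def _workload(kind, name, container, requests=None, limits=None):
    """Build a minimal workload object (constructed sample data, not real output)."""
    resources = {k: v for k, v in (("requests", requests), ("limits", limits)) if v}
    return {"kind": kind, "metadata": {"name": name, "namespace": "kube-system"},
            "spec": {"template": {"spec": {"containers": [
                {"name": container, "resources": resources}]}}}}


# Constructed sample modelled on three rows of the output above. Assumption:
# the single "2Gi" in the coredns row is limits.memory, with limits.cpu unset.
SAMPLE = {"items": [
    _workload("Deployment", "coredns", "coredns",
              {"cpu": "100m", "memory": "100Mi"}, {"memory": "2Gi"}),
    _workload("DaemonSet", "kube-proxy-worker-windows", "kube-proxy-worker"),
    _workload("StatefulSet", "logtail-statefulset", "logtail",
              {"cpu": "100m", "memory": "256Mi"}, {"cpu": "2", "memory": "2Gi"}),
]}

if __name__ == "__main__":
    # Usage: kubectl get deployments,daemonsets,statefulsets -A -o json > w.json
    #        python3 audit_resources.py w.json   (no argument: use SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    for kind, ns, name, cname, missing in audit(doc):
        print(f"{kind}\t{ns}\t{name}\t{cname}\t{','.join(missing) or 'ok'}")
```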
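Adding a node pool
- Infra-Pool: the only difference is that this pool uses taints. The taint keeps the Addons components from being scheduled onto this pool, which is reserved for the business's base components (middleware).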