openshift 4.6 開始 windows container 正式GA，下面內容介紹下如何在AWS環境下部署和管理windows節點

install ocp on aws

openshift4.6 只支持AWS和Azure，以下內容是基于AWS進行。
在AWS上安裝集群需要準備一個AWS賬號，準備好AWS賬號后可以創建一個bastion主機，然后在bastion主機上執行以下操作

sudo su - 

ssh-keygen  -N '' -f ~/.ssh/id_rsa

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

curl -O  https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-install-linux.tar.gz
curl -O https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz

tar zxvf openshift-client-linux.tar.gz -C /usr/local/sbin
tar zxvf openshift-install-linux.tar.gz -C /usr/local/sbin    

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

mkdir -p cluster
    
openshift-install create install-config --dir ./cluster 

[root@clientvm 0 ~]# openshift-install create install-config --dir ./cluster
? SSH Public Key /root/.ssh/8c97key.pub
? Platform aws
? AWS Access Key ID AKIARTJEFJKGSIH2EM5W
? AWS Secret Access Key [? for help] ****************************************
INFO Writing AWS credentials to "/root/.aws/credentials" (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)
? Region us-west-1
INFO Credentials loaded from the "default" profile in file "/root/.aws/credentials"
? Base Domain *****
? Cluster Name wc
? Pull Secret [? for help] *****************

sed -i 's/OpenShiftSDN/OVNKubernetes/g'  cluster/install-config.yaml

openshift-install create  manifests --dir ./cluster
cp cluster/manifests/cluster-network-02-config.yml cluster/manifests/cluster-network-03-config.yml

# 這里必須按照以下內容修改 cluster/manifests/cluster-network-03-config.yml  文件，否則無法安裝windows operator 

You must configure hybrid networking with OVN-Kubernetes during the installation of your cluster. You cannot switch to hybrid networking after the installation process.

https://docs.openshift.com/container-platform/4.6/installing/installing_aws/installing-aws-network-customizations.html#nw-operator-configuration-parameters-for-ovn-sdn_installing-aws-network-customizations


apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  creationTimestamp: null
  name: cluster
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy: {}
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OVNKubernetes
    ovnKubernetesConfig:
      hybridOverlayConfig:
        hybridClusterNetwork:
        - cidr: 10.132.0.0/14
          hostPrefix: 23
status: {}

openshift-install create cluster --dir ./cluster --log-level=info | tee /tmp/install.log

oc get network.operator cluster -o yaml 


# 安裝結果

INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!

安裝后配置

# 添加用戶， 添加管理員權限
kubeadmin用戶無法登陸 prometheus 

通過console添加htpasswd用戶

oc adm policy  add-cluster-role-to-user cluster-admin admin

安裝winndow 節點

# 安裝windows operator
通過WEB安裝windows operator 

oc get pod -n openshift-windows-machine-config-operator

# 創建key
盡量不要與安裝時使用的key一致 

oc create secret generic cloud-private-key --from-file=private-key.pem=${HOME}/.ssh/id_rsa \
    -n openshift-windows-machine-config-operator 

# 創建 windows machineset， example 如下
https://docs.openshift.com/container-platform/4.6/windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.html#windows-machineset-aws_creating-windows-machineset-aws


# 文檔上記錄的是無效的windows AMI 名字，需要替換為新的，可以使用以下方式獲取ami信息

aws ec2 describe-images \
    --region us-east-2 \
    --image-ids ami-0985ad2d7e5418b62

aws ec2 describe-images \
    --filters Name=name,Values=Windows_Server-2019-English-Full-ContainersLatest-2021.01.13 \
    --region us-west-1 \
    --query 'Images[*].[ImageId]' \
    --output=json | jq .[0][0]

ami-0a7ad1e8729dc6a33

# 獲取集群 cluster id
oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

# 檢查集群 cluster id，對比其他machineset 使用的cluster id，確保無誤
oc get machinesets -n openshift-machine-api

oc get machineset <machineset_name> -n \
     openshift-machine-api -o yaml

oc get machineset wc-dllkf-worker-us-west-1a -n openshift-machine-api -o yaml

# 創建windows machineset

oc create -f demo-win-machine-set.yaml

# 等待windows machine 創建完成
oc get machine -n openshift-machine-api

windows node

# 創建windows ssh pod 
oc create -f winc-ssh.yaml

oc get pod -n openshift-windows-machine-config-operator

oc get nodes -l kubernetes.io/os=windows

oc get nodes -l kubernetes.io/os=windows -o wide

oc -n openshift-windows-machine-config-operator rsh $(oc get pods -n openshift-windows-machine-config-operator -l app=winc-ssh -o name)

sshcmd.sh ip-10-0-154-0.us-east-2.compute.internal

docker pull mcr.microsoft.com/windows/servercore:ltsc2019

在windows 節點上部署應用

部署hello world

oc create -n default -f \
https://gist.githubusercontent.com/suhanime/683ee7b5a2f55c11e3a26a4223170582/raw/d893db98944bf615fccfe73e6e4fb19549a362a5/WinWebServer.yaml


oc expose svc/win-webserver

curl -s http://$(oc get route win-webserver -n default -o jsonpath='{.spec.host}')


# 進入windows 容器

oc exec -it $(oc get pods -l app=win-webserver -o name) powershell

tasklist 

部署 IIS

oc expose deployment iis --type=LoadBalancer --name=iis
oc expose svc/iis 

oc get route iis -n default -o jsonpath='{.spec.host}'

通過RuntimeClass調度部署windows應用

apiVersion: node.k8s.io/v1beta1
kind: RuntimeClass
metadata:
  name: win-runtime 
handler: 'docker'
scheduling:
  nodeSelector: 
    kubernetes.io/os: 'windows'
  tolerations: 
  - effect: NoSchedule
    key: os
    operator: Equal
    value: "Windows"

在Deployment中使用 runtimeClassName

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: win-webserver
  name: win-webserver
spec:
  selector:
    matchLabels:
      app: win-webserver
  replicas: 1
  template:
    metadata:
      labels:
        app: win-webserver
      name: win-webserver
    spec:
      runtimeClassName: win-runtime
      containers:
      - name: windowswebserver
        image: mcr.microsoft.com/windows/servercore:ltsc2019
        imagePullPolicy: IfNotPresent
        command:
        - powershell.exe
        - -command
        - $listener = New-Object System.Net.HttpListener; $listener.Prefixes.Add('http://*:80/'); $listener.Start();Write-Host('Listening at http://*:80/'); while ($listener.IsListening) { $context = $listener.GetContext(); $response = $context.Response; $content='<html><body><H1>Windows Container Web Server</H1></body></html>'; $buffer = [System.Text.Encoding]::UTF8.GetBytes($content); $response.ContentLength64 = $buffer.Length; $response.OutputStream.Write($buffer, 0, $buffer.Length); $response.Close(); };
      nodeSelector:
        beta.kubernetes.io/os: windows

windows 節點擴容/縮容

oc get machinesets -n openshift-machine-api

# 通過machineset 擴容 節點
oc scale --replicas=2 machineset <machineset> -n openshift-machine-api
# oc scale --replicas=2 machineset win-dqfcf-windows-worker-us-west-1a -n openshift-machine-api

oc get machine -n openshift-machine-api

oc scale --replicas=1 machineset wc-dllkf-windows-worker-us-west-1a -n openshift-machine-api

監控

目前windows node 上沒有安裝監控組件，因此無法接入prometheus 監控體系

destroy ocp cluster

openshift-install destroy cluster --dir=cluster --log-level=info