Windows agent pools can only be added to AKS clusters using Azure-CNI

I am trying to Terraform an Azure Kubernetes Service (AKS) cluster with a Windows node pool, but I get the following error:

Error: creating Managed Kubernetes Cluster "example-aks1" (Resource Group "test-aks-resource"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="AzureCNIOnlyForWindows" Message="Windows agent pools can only be added to AKS clusters using Azure-CNI."

Here is a screenshot of the command line:

The code I am using is this:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 2.63.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "test-aks-resource"
  location = "Central US"
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"
  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  windows_profile {
    admin_username = "adminusername"
    admin_password = "xxxxxxxxxxxxx"
  }

  tags = {
    Environment = "dev"
  }
}

resource "azurerm_kubernetes_cluster_node_pool" "windows_node_pool" {
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  orchestrator_version  = azurerm_kubernetes_cluster.aks.kubernetes_version
  name                  = "winnp"
  node_count            = 1
  vm_size               = "Standard_D2_v2"
  os_type               = "Windows"
}

output "client_certificate" {
    sensitive = true
    value = azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate
}

output "kube_config" {
    sensitive = true
    value = azurerm_kubernetes_cluster.aks.kube_config_raw
}

Note that if I remove the following block from the Terraform code, I get a different error:

  windows_profile {
    admin_username = "adminusername"
    admin_password = "xxxxxxxxxxxxx"
  }

The error I get is:

Error: creating/updating Managed Kubernetes Cluster Node Pool "winnp" (Resource Group "test-aks-resource"): containerservice.AgentPoolsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="WindowsProfileMissing" Message="Windows profile definition is missing for the cluster."

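Screenshot of the command line:

Obviously, if I remove the "azurerm_kubernetes_cluster_node_pool" code block, AKS is created with the default Linux node pool.

So my question is: how do I add a Windows node pool to AKS?

It turns out I had to include a network adapter in "azurerm_kubernetes_cluster":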

network_profile {
  network_plugin = "azure"
}

More details:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#network_plugin

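I solved this by updating network_plugin = "azure".

Here is what I found:

If network_profile is not defined, the kubenet profile is used by default.

And kubenet is a very basic, simple network plugin, available on Linux only.

If you want to use Windows OS for agents, use an advanced network plugin such as Azure-CNI.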
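
A pre-apply check for the two errors in this thread, as an added example (not code from the posts or from the azurerm provider): it reads `terraform show -json` plan output and flags Windows node pools whose cluster lacks `network_plugin = "azure"` or a `windows_profile`. The sample plan is constructed and trimmed, the function name is hypothetical, and resources are assumed to sit in the root module without `count` or `for_each`.

```python
# Constructed, trimmed stand-in for `terraform show -json <planfile>` output of the
# question's configuration; only the fields read below are kept.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [
        {"address": "azurerm_kubernetes_cluster.aks",
         "values": {"windows_profile": [{"admin_username": "adminusername"}]}},
        {"address": "azurerm_kubernetes_cluster_node_pool.windows_node_pool",
         "values": {"os_type": "Windows"}},
    ]}},
    "configuration": {"root_module": {"resources": [
        {"address": "azurerm_kubernetes_cluster_node_pool.windows_node_pool",
         "type": "azurerm_kubernetes_cluster_node_pool",
         "expressions": {"kubernetes_cluster_id": {"references": [
             "azurerm_kubernetes_cluster.aks.id", "azurerm_kubernetes_cluster.aks"]}}},
    ]}},
}


def windows_pool_findings(plan):
    """Return (node_pool_address, expected_error_code) pairs (hypothetical helper)."""
    planned = {r["address"]: r.get("values", {})
               for r in plan["planned_values"]["root_module"].get("resources", [])}
    findings = []
    for res in plan["configuration"]["root_module"].get("resources", []):
        if res["type"] != "azurerm_kubernetes_cluster_node_pool":
            continue
        if planned.get(res["address"], {}).get("os_type") != "Windows":
            continue
        # kubernetes_cluster_id is unknown at plan time, so follow the
        # configuration reference back to the cluster resource instead.
        refs = res["expressions"].get("kubernetes_cluster_id", {}).get("references", [])
        cluster = next((planned[r] for r in refs if r in planned), None)
        if cluster is None:
            continue  # cluster is not managed in this plan; nothing to compare
        # Per the answers above, an absent network_profile means kubenet.
        net = cluster.get("network_profile") or [{}]
        if net[0].get("network_plugin", "kubenet") != "azure":
            findings.append((res["address"], "AzureCNIOnlyForWindows"))
        if not cluster.get("windows_profile"):
            findings.append((res["address"], "WindowsProfileMissing"))
    return findings


if __name__ == "__main__":
    for address, code in windows_pool_findings(SAMPLE_PLAN):
        print(f"{address}: apply is expected to fail with {code}")
```
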