帮助改进此页面
要帮助改进本用户指南,请选择位于每个页面右侧窗格中的在 GitHub 上编辑此页面链接。
利用集群见解为 Kubernetes 版本升级做好准备
Amazon EKS 集群见解提供建议,帮助您遵循 Amazon EKS 和 Kubernetes 最佳实践。每个 Amazon EKS 集群都会根据 Amazon EKS 精心策划的见解列表进行自动的定期检查。这些见解检查完全由 Amazon EKS 管理,并就如何解决任何调查发现提供建议。
-
在更新集群 Kubernetes 版本之前,请检查 Amazon EKS 控制台
中可观测性控制面板的集群见解选项卡。 -
如果您的集群已发现问题,请查看它们并进行适当的修复。这些问题包括指向 Amazon EKS 和 Kubernetes 的链接。
-
修复问题后,等待集群见解刷新。如果所有问题都已解决,则请更新您的集群。
重要
Amazon EKS 暂时回滚了一项功能,该功能要求您在遇到某些集群见解问题时使用 --force 标志升级集群。有关更多信息,请参阅 GitHub 上的 Temporary rollback of enforcing upgrade insights on update cluster version
Amazon EKS 每 24 小时更新一次集群见解。有关更多信息,请参阅 步骤 3:更新集群控制面板。
Amazon EKS 会返回与 Kubernetes 版本升级就绪情况相关的见解。升级见解可以发现可能影响 Kubernetes 集群升级的可能问题。这样可以最大限度地减少管理员准备升级所需的工作量,并提高新 Kubernetes 版本上应用程序的可靠性。Amazon EKS 会根据可能影响 Kubernetes 版本升级的问题列表自动扫描集群。Amazon EKS 经常根据对每个 Kubernetes 版本中所做更改的审查来更新见解检查列表。
Amazon EKS 升级见解加快了新版本的测试和验证过程。还允许集群管理员和应用程序开发人员通过强调问题和提供补救建议来利用最新 Kubernetes 功能。要查看已执行的见解检查列表以及 Amazon EKS 发现的任何相关问题,您可以调用 Amazon EKS ListInsights API 操作或在 Amazon EKS 控制台中查看。
集群见解将定期更新。您无法手动刷新集群见解。如果您修复集群问题,则将需要一些时间才能更新集群见解。要确定修复是否成功,请将更改部署的时间与集群洞察的“上次刷新时间”进行比较。
Amazon EKS 会自动创建集群访问条目。此条目会授予 EKS 查看有关集群的信息的权限。这些信息用于生成见解。有关更多信息,请参阅 AmazonEKSClusterInsightsPolicy。
查看集群见解(控制台)
-
从集群列表中,选择您希望查看见解的 Amazon EKS 集群的名称。
-
选择查看控制面板。
-
选择集群见解选项卡。
-
在升级见解表中,您将看到以下列:
-
名称 – Amazon EKS 对集群执行的检查。
-
见解状态 – 状态为“错误”的见解通常表示受影响的 Kubernetes 版本是当前集群版本的 N+1,而状态为“警告”的见解表示该见解适用于未来 Kubernetes 版本 N+2 或更高版本。状态为“通过”的见解表示 Amazon EKS 在您的集群中未发现与该见解检查相关的任何问题。状态为“未知”的见解表示 Amazon EKS 无法确定您的集群是否受到此见解检查的影响。
-
版本 – 见解检查可能存在问题的 Kubernetes 版本。
-
上次刷新时间:此集群上次刷新见解状态的时间。
-
上次转换时间:此见解上次更改状态的时间。
-
描述 – 来自见解检查的信息,包括警报和建议的补救措施。
-
查看集群见解(Amazon CLI)
-
确定您要检查哪个集群以获取见解。以下命令列出指定集群的见解。根据需要对该命令进行以下修改,然后运行修改后的命令:
-
将
region-code替换为 Amazon 区域的代码。 -
将
my-cluster替换为您的集群的名称。aws eks list-insights --regionregion-code--cluster-namemy-cluster示例输出如下。
{ "insights": [ { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "name": "Deprecated APIs removed in Kubernetes vX.XX", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557315.000, "lastTransitionTime": 1734557309.000, "description": "Checks for usage of deprecated APIs that are scheduled for removal in Kubernetes vX.XX. Upgrading your cluster before migrating to the updated APIs supported by vX.XX could cause application impact.", "insightStatus": { "status": "PASSING", "reason": "No deprecated API usage detected within the last 30 days.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "name": "Kubelet version skew", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557309.000, "lastTransitionTime": 1734557309.000, "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause non compliance with supported Kubernetes kubelet version skew policy.", "insightStatus": { "status": "UNKNOWN", "reason": "Unable to determine status of node kubelet versions.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333", "name": "Deprecated APIs removed in Kubernetes vX.XX", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557315.000, "lastTransitionTime": 1734557309.000, "description": "Checks for usage of deprecated APIs that are scheduled for removal in Kubernetes vX.XX. Upgrading your cluster before migrating to the updated APIs supported by vX.XX could cause application impact.", "insightStatus": { "status": "PASSING", "reason": "No deprecated API usage detected within the last 30 days.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa", "name": "Cluster health issues", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557314.000, "lastTransitionTime": 1734557309.000, "description": "Checks for any cluster health issues that prevent successful upgrade to the next Kubernetes version on EKS.", "insightStatus": { "status": "PASSING", "reason": "No cluster health issues detected.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEbbbbb", "name": "EKS add-on version compatibility", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557314.000, "lastTransitionTime": 1734557309.000, "description": "Checks version of installed EKS add-ons to ensure they are compatible with the next version of Kubernetes. ", "insightStatus": { "status": "PASSING", "reason": "All installed EKS add-on versions are compatible with next Kubernetes version."}, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEccccc", "name": "kube-proxy version skew", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557314.000, "lastTransitionTime": 1734557309.000, "description": "Checks version of kube-proxy in cluster to see if upgrade would cause non compliance with supported Kubernetes kube-proxy version skew policy.", "insightStatus": { "status": "PASSING", "reason": "kube-proxy versions match the cluster control plane version.", }, }, { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLEddddd", "name": "Deprecated APIs removed in Kubernetes vX.XX", "category": "UPGRADE_READINESS", "kubernetesVersion": "X.XX", "lastRefreshTime": 1734557315.000, "lastTransitionTime": 1734557309.000, "description": "Checks for usage of deprecated APIs that are scheduled for removal in Kubernetes vX.XX. Upgrading your cluster before migrating to the updated APIs supported by vX.XX could cause application impact.", "insightStatus": { "status": "PASSING", "reason": "No deprecated API usage detected within the last 30 days.", }, }, ], "nextToken": null, }
-
-
有关见解的描述性信息,请运行以下命令。根据需要对该命令进行以下修改,然后运行修改后的命令:
-
将
region-code替换为 Amazon 区域的代码。 -
请将
a1b2c3d4-5678-90ab-cdef-EXAMPLE22222替换为从集群见解列表中检索到的见解 ID。 -
将
my-cluster替换为您的集群的名称。aws eks describe-insight --region region-code --ida1b2c3d4-5678-90ab-cdef-EXAMPLE22222--cluster-name my-cluster示例输出如下。
{ "insight": { "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", "name": "Kubelet version skew", "category": "UPGRADE_READINESS", "kubernetesVersion": "1.27", "lastRefreshTime": 1734557309.000, "lastTransitionTime": 1734557309.000, "description": "Checks for kubelet versions of worker nodes in the cluster to see if upgrade would cause non compliance with supported Kubernetes kubelet version skew policy.", "insightStatus": { "status": "UNKNOWN", "reason": "Unable to determine status of node kubelet versions.", }, "recommendation": "Upgrade your worker nodes to match the Kubernetes version of your cluster control plane.", "additionalInfo": { "Kubelet version skew policy": "https://kubernetes.io/releases/version-skew-policy/#kubelet", "Updating a managed node group": "https://docs.aws.amazon.com/eks/latest/userguide/update-managed-node-group.html", }, "resources": [], "categorySpecificSummary": { "deprecationDetails": [], "addonCompatibilityDetails": [] }, }, }
-