Azure Stack HCI 上的 Azure Kubernetes 服务公共预览版的已知问题Known Issues for Azure Kubernetes Service on Azure Stack HCI Public Preview

本文介绍 Azure Stack HCI 上的 Azure Kubernetes 服务公共预览版的已知问题。This article describes known issues with the public preview release of Azure Kubernetes Service on Azure Stack HCI.

从 Azure Stack HCI 上的 AKS 失败部署中恢复Recovering from a failed AKS on Azure Stack HCI deployment

如果遇到部署问题或者要重置部署,请确保先关闭连接到 Azure Stack HCI 上的 Azure Kubernetes 服务的所有 Windows Admin Center 实例,然后从 PowerShell 管理窗口运行 Uninstall-AksHci。If you're experiencing deployment issues or want to reset your deployment make sure you close all Windows Admin Center instances connected to Azure Kubernetes Service on Azure Stack HCI before running Uninstall-AksHci from a PowerShell administrative window.

使用 kubectl 删除节点时,可能未删除关联 VMWhen using kubectl to delete a node, the associated VM might not be deleted

如果执行以下步骤,则会遇到此问题:You'll meet this issue if you follow these steps:

  • 创建 Kubernetes 群集Create a Kubernetes cluster
  • 将群集扩展到两个以上的节点Scale the cluster to more than two nodes
  • 使用“kubectl delete node <节点名称>”删除节点Use kubectl delete node to delete a node
  • 运行 kubectl get nodes。Run kubectl get nodes. 输出中未列出已删除的节点The removed node isn't listed in the output
  • 打开 PowerShell 管理窗口Open a PowerShell Admin Window
  • 运行 get-vm。Run get-vm. 仍会列出已删除的节点The removed node is still listed

这会导致系统无法识别节点缺失,并且不会启动新节点。This leads to the system not recognizing the node is missing and a new node will not spin up. 将来的版本将会解决此问题This will be fixed in a future release

必须在所有物理群集节点间和 Hyper-V 中配置时间同步Time synchronization must be configured across all physical cluster nodes and in Hyper-V

若要确保 gMSA 和 AD 身份验证正常工作,请确保将 Azure Stack HCI 群集节点配置为将其时间与域控制器或其他时间源同步,并将 Hyper-V 配置为将时间同步到任何虚拟机。To ensure gMSA and AD authentication works, ensure that the Azure Stack HCI cluster nodes are configured to synchronize their time with a domain controller or other time source and that Hyper-V is configured to synchronize time to any virtual machines.

已加入域的 Azure Stack HCI 节点需要特殊 Active Directory 权限Special Active Directory permissions are needed for domain joined Azure Stack HCI nodes

部署和配置 Azure Stack HCI 上的 Azure Kubernetes 服务的用户需要具有“完全控制”权限,才能在创建服务器和服务对象的 Active Directory 容器中创建 AD 对象。Users deploying and configuring Azure Kubernetes Service on Azure Stack HCI need to have "Full Control" permission to create AD objects in the Active Directory container the server and service objects are created in.

Get-AksHciLogs 命令可能会失败Get-AksHciLogs command may fail

对于大型群集,Get-AksHciLogs 命令可能会引发异常、未能枚举节点或不会生成 c:\wssd\ 输出文件。With large clusters the Get-AksHciLogs command may throw an exception, fail to enumerate nodes or will not generate c:\wssd\ output file. 这是因为用于压缩文件 Compress-Archive 的 PowerShell 命令的输出文件大小限制为 2 GB。This is because the PowerShell command to zip a file Compress-Archive has an output file size limit of 2 GB. 将来的版本将会解决此问题。This issue will be fixed in a future release.

Azure Kubernetes Service PowerShell 部署在创建新目标群集之前未检查可用内存Azure Kubernetes Service PowerShell deployment doesn't check for available memory before creating a new target cluster

创建 Kubernetes 节点之前,Aks-Hci PowerShell 命令不会验证主机服务器上的可用内存。The Aks-Hci PowerShell commands do not validate the available memory on the host server before creating Kubernetes nodes. 这可能会导致内存耗尽,虚拟机无法启动。This can lead to memory exhaustion and virtual machines to not start. 当前未正常处理此失败,部署将停止响应,且不会显示清楚的错误消息。This failure is currently not handled gracefully and the deployment will stop responding with no clear error message. 如果部署已停止响应,请打开 Eventviewer,并检查是否有 Hyper-V 相关错误消息指出没有足够的内存来启动 VM。If you have a deployment that stops responding, open Eventviewer and check for Hyper-V related error messages indicating not enough memory to start the VM. 将来的版本将会解决此问题This issue will be fixed in a future release

在配置了静态 IP、VLAN、SDN 或代理的 Azure Stack HCI 上,Azure Kubernetes 服务部署失败。Azure Kubernetes Service deployment fails on an Azure Stack HCI configured with static IPs, VLANs, SDN, or proxies.

在部署具有静态 IP、VLAN、SDN 或代理的 Azure Stack HCI 上的 Azure Kubernetes 服务群集时,部署会在群集创建时失败。While deploying Azure Kubernetes Service on an Azure Stack HCI cluster that has static IPs, VLANs, SDN, or proxies, the deployment fails at cluster creation. 将来的版本将会解决此问题。This issue will be fixed in a future release.

必须在宿主环境中禁用 IPv6IPv6 must be disabled in the hosting environment

如果 IPv4 和 IPv6 地址都绑定到物理 NIC,则群集的 cloudagent 服务会使用 IPv6 地址进行通信。If both IPv4 and IPv6 addresses are bound to the physical NIC, the cloudagent service for clustering uses the IPv6 address for communication. 部署框架中的其他组件仅使用 IPv4。Other components in the deployment framework only use IPv4. 这会导致 Windows Admin Center 无法连接到群集,会在尝试连接到计算机时报告远程处理失败。This will result in Windows Admin Center unable to connect to the cluster and will report a remoting failure when trying to connect to the machine. 解决方法:在物理网络适配器上禁用 IPv6。Workaround: Disable IPv6 on the physical network adapters. 将来的版本将会解决此问题This issue will be fixed in a future release

在 Azure Stack HCI 群集节点之间移动虚拟机会迅速导致 VM 启动失败Moving virtual machines between Azure Stack HCI cluster nodes quickly leads to VM startup failures

在 Azure Stack HCI 群集中使用群集管理工具将 VM 从一个节点(节点 A)移动到另一个节点(节点 B)时,VM 可能无法在新节点上启动。When using the cluster administration tool to move a VM from one node (Node A) to another node (Node B) in the Azure Stack HCI cluster, the VM may fail to start on the new node. 将 VM 移回原始节点之后,它也无法在其中启动。After moving the VM back to the original node it will fail to start there as well. 发生此问题的原因是,用于清理首次迁移的逻辑是以异步方式运行。This issue happens because the logic to clean up the first migration runs asynchronously. 因此,Azure Kubernetes 服务的“更新 VM 位置”逻辑会在节点 A 上的原始 Hyper-V 中找到 VM,并将它删除,而不是取消注册。As a result, Azure Kubernetes Service's "update VM location" logic finds the VM on the original Hyper-V on node A, and deletes it, instead of unregistering it. 解决方法:确保 VM 在新节点上已成功启动,然后再将它移回原始节点。Workaround: Ensure the VM has started successfully on the new node before moving it back to the original node. 将来的版本将会解决此问题This issue will be fixed in a future release

Azure Kubernetes 服务中的负载均衡器需要 DHCP 保留Load balancer in Azure Kubernetes Service requires DHCP reservation

Azure Stack HCI 上的 Azure Kubernetes 服务中的负载均衡解决方案使用 DHCP 将 IP 地址分配给服务终结点。The load balancing solution in Azure Kubernetes Service on Azure Stack HCI uses DHCP to assign IP addresses to service endpoints. 如果由于服务重启而导致服务终结点的 IP 地址发生更改,则 DHCP 租约会因为过期时间较短而过期。If the IP address changes for the service endpoint due to a service restart, DHCP lease expires due to a short expiration time. 因此,服务将无法访问,因为 Kubernetes 配置中的 IP 地址与终结点上的 IP 地址不同。The service will therefore become inaccessible because the IP address in the Kubernetes configuration is different from what it is on the end point. 这可能会导致 Kubernetes 群集成为不可用状态。This can lead to the Kubernetes cluster becoming unavailable. 若要解决此问题,请将 MAC 地址池用于负载均衡服务终结点,并为池中的每个 MAC 地址保留特定 IP 地址。To get around this issue, use a MAC address pool for the load balanced service endpoints and reserve specific IP addresses for each MAC address in the pool. 将来的版本将会解决此问题。This issue will be fixed in a future release.

无法将 Azure Kubernetes 服务部署到具有单独存储和计算群集的环境Cannot deploy Azure Kubernetes Service to an environment that has separate storage and compute clusters

Windows Admin Center 不会将 Azure Kubernetes 服务部署到具有单独存储和计算群集的环境,因为它期望计算和存储资源由同一群集提供。Windows Admin Center will not deploy Azure Kubernetes Service to an environment with separate storage and compute clusters as it expects the compute and storage resources to be provided by the same cluster. 在大多数情况下,它不会查找计算群集公开的 CSV,会拒绝继续部署。In most cases, it will not find CSVs exposed by the compute cluster and will refuse to continue with deployment. 将来的版本将会解决此问题。This issue will be fixed in a future release.

Windows Admin Center 仅支持桌面模式下的 Azure Stack HCI 的 Azure Kubernetes 服务Windows Admin Center only supports Azure Kubernetes Service for Azure Stack HCI in desktop mode

在预览版中,所有 Azure Stack HCI 的 Azure Kubernetes 服务功能仅在 Windows Admin Center 桌面模式下受支持。In preview, all Azure Kubernetes Service for Azure Stack HCI functionality is only supported in Windows Admin Center desktop mode. Windows 10 电脑必须安装 Windows Admin Center 网关。The Windows Admin Center gateway must be installed on a Windows 10 PC. 有关 Windows Admin Center 安装选项的详细信息,请访问 Windows Admin Center 文档For more information about Windows Admin Center installation options, visit the Windows Admin Center documentation. 未来的版本将支持其他场景。Additional scenarios will be supported in a future release.

如果需要重新启动,则 Azure Kubernetes 服务主机安装程序将在 Windows Admin Center 中失败Azure Kubernetes Service host setup fails in Windows Admin Center if reboots are required

如果需要重新启动正在使用的一个或多个服务器以安装 PowerShell 或 Hyper-V 等角色,则 Azure Kubernetes 服务主机安装程序向导将失败。The Azure Kubernetes Service host setup wizard will fail if the one or more servers you are using need to be rebooted to install roles like PowerShell or Hyper-V. 当前的解决方法是退出向导,并在服务器重新联机后在同一系统上重试。The current workaround is to exit the wizard and try again on the same system after the servers come back online. 将来的版本将会解决此问题。This issue will be fixed in a future release.

Azure Kubernetes 服务主机安装程序中的 Azure 注册步骤要求重试Azure registration step in Azure Kubernetes Service host setup asks to try again

使用 Windows Admin Center 设置 Azure Kubernetes 服务主机时,在 Azure 注册页上输入所需信息后,可能会要求你再试一次。When using Windows Admin Center to set up the Azure Kubernetes Service host, you may be asked to try again after entering the required information on the Azure registration page. 你可能需要在 Windows Admin Center 网关上再次登录 Azure,以继续执行此步骤。You may need to sign into Azure again on the Windows Admin Center gateway to proceed with this step. 将来的版本将会解决此问题。This issue will be fixed in a future release.

Windows 管理中心没有 Arc 脱离体验Windows Admin Center doesn't have an Arc offboarding experience

Windows 管理中心当前没有从 Azure Arc 下架群集的过程。若要删除已销毁的群集上的 Arc aganets,请导航到 Azure 门户中群集的资源组,并手动删除弧线内容。Windows Admin Center does not currently have a process to offboard a cluster from Azure Arc. To delete Arc aganets on a cluster that has been destroyed, navigate to the resource group the of the cluster in the Azure portal and manually delete the Arc content. 若要删除仍在运行的群集上的 Arc 代理,用户应运行以下命令:To delete Arc agents on a cluster that is still up and running, users should run the following command:

az connectedk8s delete

使用 Windows 管理中心设置 Azure Kubernetes 服务主机时,如果文件资源管理器处于打开状态,安装程序可能会失败When setting up an Azure Kubernetes Service host using Windows Admin Center, setup may fail if File Explorer is open

如果文件资源管理器是打开的,并且在到达 "检查和创建" 步骤时在 C:\Program Files\AksHci 目录中,则您的创建可能会失败,并出现错误 "进程无法访问文件 ' C:\Program Files\AksHci\wssdcloudagent.exe"。If File Explorer is open and in the C:\Program Files\AksHci directory when you reach the "Review + create" step, your creation may fail with the error "The process could not access the file 'C:\Program Files\AksHci\wssdcloudagent.exe'. 这是因为它正被另一个进程使用。This is because it's being used by another process. 若要避免此错误,请关闭文件资源管理器或导航到不同的目录,然后再执行此步骤。To avoid this error, close File Explorer or navigate to a different directory before reaching this step.